In this Section

REDCap Change Log

REDCap Change Log

Version 8.0.2 - (released 11/17/2017)

BUG FIXES & OTHER CHANGES:

  • Minor security fix: A Cross-Site Scripting (XSS) vulnerability was found in a page used by various functionality dealing with user accounts, in which a malicious user could potentially exploit it by manipulating the query string of an HTTP request. (Ticket #30806)
  • Change: The REDCap::evaluateLogic() method was changed slightly with regard to what it returns. This has been changed so that if the logic parameter string is not syntactically correct or if any of the parameters are invalid (e.g., record or event does not exist), it will now return NULL. In previous versions, it would return FALSE in this case, which made it difficult to troubleshoot issues with incorrect parameters being used.
  • Change: For added flexibility, the Survey Queue setup dialog in the Online Designer will now display the project's first data collection instrument (assuming the instrument has been enabled as a survey), whereas previous versions did not allow the first instrument to be enabled in the Survey Queue.
  • Change: When viewing a repeating instrument's data entry form for a record in a project, the "current instance" drop-down displayed near the top of the page no longer displays the instance number in a fraction format where it shows the total instances following by a slash (e.g., 2/5). It now only displays the instance number (and the custom label, if defined). This was changed because it led to confusion in cases where some instances were deleted, thus leaving gaps in the middle but still showing the max instance as the total instances, which is not the same thing and is confusing.
  • Bug fix: For some server configurations, if the Configuration Check page recommends that the administrator replace some outdated non-versioned files, the resulting zip file that they download might be corrupted due to gzip compression issues. (Ticket #30569)
  • Bug fix: When a user is viewing the Data Export Files tab on the File Repository page in a project, and they set the "filter by" drop-down to Stata, R, SPSS, or SAS, then in the results displayed in the table below, the Data CSV file would mistakenly not be downloadable. (Ticket #30578)
  • Bug fix: When creating a new Data Quality rule that is attempting to find blank values (via [field]=""), if all the fields being referenced in the rule logic are blank/null for a given record, the rule would mistakenly not return any discrepancies for that record. (Ticket #30655)
  • Bug fix: When viewing the Configuration Check page in the Control Center, if the "mbstring" PHP extension is not installed on the web server, it would mistakenly throw a fatal PHP error on that page during the "able to send emails" check. (Ticket #30657)
  • Bug fix: In longitudinal projects that utilize the survey queue to display surveys across multiple events, the survey queue would mistakenly order the surveys by instrument order rather than by event order. This has been fixed so that it now orders surveys in the queue by event order so that all the surveys in a given event are grouped together. (Ticket #30704)
  • Bug fix: When a survey is enabled in the survey queue in a longitudinal project, and then that survey instrument is removed from a given event (via the Designate Instruments page), thus orphaning the survey-event in the survey queue, if no other survey-events are enabled in the survey queue, then the Survey Queue button in the Online Designer might mistakenly still have a green checkmark icon next to it, even though no survey-events are enabled in the queue anymore. Also, in this case the survey-event may mistakenly get displayed in a record’s survey queue when the survey is no longer designated for that event.
  • Bug fix: When the survey login is used in a longitudinal project, if multiple fields are set to be the login field, in which the same field is used but on different events or arms, then it would mistakenly not save both instances of the field but would only save one. (Ticket #18430)

Version 8.0.1 - (released 11/9/2017)

BUG FIXES & OTHER CHANGES:

  • Improvement: Added new plugin/hook/module method named REDCap::evaluateLogic(), which returns whether a string of logic (e.g., branching logic) evaluates as true or false based on the data of a given record in a given project.
  • Improvement: New "clickjacking prevention" option at the bottom of the "Security & Authentication" page in the Control Center allows administrators to enable this option if they want to prevent REDCap pages from being embedded in external websites (e.g., embedding a survey page inside an iframe on another website). Preventing clickjacking is often regarded as an improvement to security. Note: If you wish to allow REDCap users to embed REDCap pages in external websites, do not enable this option but leave it as "Allow...".
  • Minor security fixes: Some Cross-Site Scripting (XSS) vulnerabilities were found in various pages in which a malicious user could potentially exploit them by manipulating the query string of an HTTP request.
  • Bug fix: When copying a project with surveys, the value of the "Allow participants to download a PDF of their responses at end of survey?" survey setting would mistakenly not get copied to the new project. (Ticket #28639)
  • Bug fix: When downloading a PDF of a data entry form with data, in which the user is downloading all forms for all records or all forms for a single record, it would mistakenly not display the locking/e-signature timestamps in the PDF. (Ticket #29915)
  • Bug fix: When downloading a PDF of a survey response with data, on certain occasions it might mistakenly display incorrect survey completion timestamps in the PDF. (Ticket #29930)
  • Bug fix: On the Record Status Dashboard when clicking on the form status stack icon (representing multiple repeating instances of a form or event) in a longitudinal project that has multiple arms, it might mistakenly not display the floating table of instances but instead would display a horizontal black line after clicking the icon. (Ticket #29927)
  • Bug fix: In longitudinal projects using repeating events, the Record Home Page might mistakenly display some form status icons in the wrong column in the table for records that have more than one instance saved of a repeating event. (Ticket #30077)
  • Bug fix: When one or more fields in a matrix contain certain special characters in their field label, it might prevent the "Edit Matrix of Fields" popup from being displayed after clicking the pencil icon on the Online Designer. (Ticket #30250)
  • Bug fix: On certain occasions, rule E in the Data Quality module will mistakenly return discrepancies that have blank/null values, which should never be returned when running rule E. (Ticket #14976, #28576)
  • Bug fix: If a Notes field is using the @READONLY action tag, the "expand" link displayed on the survey or form below the text box would mistakenly not work. (Ticket #30433)
  • Bug fix: If a project is utilizing the randomization module, and the randomization field somehow already has a value saved for it prior to a given record being randomized, then it will now disable that field on the data entry form and prevent the record from being randomized. (Ticket #30427)
  • Bug fix: If a project that has repeating instruments or repeating events is using the Data Resolution Workflow module, and a value is marked as Verified on the first instance of a repeating instrument/event, then if a value is changed on another instance of that instrument or event, respectively, then it would mistakenly De-verify the field on the first instance rather than on the current instance. (Ticket #30457)
  • Bug fix: If a project that has repeating instruments or repeating events is using a Data Quality rule with Real-time Execution enabled, if the DQ rule finds discrepancies when saving a repeating instrument/event, in which the user is not on the first instance, then in the DQ discrepancy popup, it might mistakenly display some data values from the first instance of the instrument/event rather than from the current instance. (Ticket #30477)
  • Bug fixes were addressed in the External Modules framework, such as some modules throwing a PHP error when being enabled, and its TinyMCE rich text editor was upgraded.
  • Bug fix: Fixed typo in "Branching Logic Errors Exist!" popup

Version 8.0.0 - (released 11/3/2017)

NEW FEATURES, BUG FIXES, & OTHER CHANGES:

  • New feature: External Modules
    • External Modules are individual packages of software that can be downloaded and installed by a REDCap administrator. Modules can extend REDCap's current functionality, and can also provide customizations and enhancements for REDCap's existing behavior and appearance at the system level or project level. Modules can utilize REDCap hooks and also can have REDCap plugin pages as part of them.
    • A new page in the Control Center allows administrators to navigate to the REDCap Repo (Repository of External Modules) and download any module listed in the REDCap Repo. Only administrators may enable modules, either at the system level or project level, although the permissions regarding who can configure a module (after it has been enabled for a project) is something that can be set at the module level by an administrator on the Control Center’s Module Manager page. Each module has its own set of configuration options, which are all defined by the creator of the module.
    • If you or your users experience any issues with a given module, you are encouraged to notify the author of the module rather than posting a Bug Report on the REDCap Community site.
  • Improvement: On the Public Survey Link page in a project, a new button "Open Public Survey + Logout" has been added to increase security in case users want to open the public survey while ensuring that the participant cannot access their REDCap account in the other browser tab. (Ticket #29686)
  • Bug fix: The font size of any links that were placed in a survey's instructions, field labels, or acknowledgment text would appear too small if the survey was set with "Large" or "Very Large" text size.
  • Bug fix: Fixed typo in Data Import Tool
  • Bug fix: If a user is uploading a Data Dictionary containing a PROMIS CAT (computer adaptive test) survey, in which the CAT contains some multiple choice fields that have duplicate codings, it would mistakenly prevent the user from uploading the Data Dictionary. It should be ignoring duplicate codings in CATs.
  • Bug fix: If a user is uploading a Data Dictionary containing a PROMIS CAT (computer adaptive test) survey and the user modified the Choices column for a CAT field in the Data Dictionary, it would mistakenly accept those changes and allow the Data Dictionary upload to proceed, thus corrupting the CAT's field metadata. This would not affect participants taking the CAT in any way (i.e., the survey would still appear correctly when taking it), but it might cause the CAT not to display correctly when a user views a participant's CAT response on a data entry form afterward.
  • Bug fix: If a user enters data on a repeating instrument but fails to enter a value for a required field, and then the user clicks the "Ignore and go to next form" button in the "Some fields are required" prompt, in which the next form is also a repeating instrument, then it would mistakenly take the user to the next form but on the same instance number that the previous form was on, which may cause some instance numbers to get skipped on the second form. When clicking the "Ignore and go to next form" button, it should always take the user to instance #1 of the next form if the next form is a repeating instrument.
  • Bug fix: Improving compliance with SMTP email servers by added a space after the "Cc:" and "Bcc:" email headers since some SMTP servers might reject emails sent from previous REDCap versions, which had no space in those headers. (Ticket #3943)
  • Bug fix: When editing or adding a calc field in the Online Designer, it would mistakenly still show the results in the section "test calculation with a record" if that option had just been used for another calculated field that was being edited or added previously while on that page, thus mistakenly showing results that do not correspond to the current field being edited/added (Ticket #29682)
  • Bug fix: When opening the Automated Survey Invitation setup popup in the Online Designer, if a particular ASI has been set as "inactive" beforehand, then when the popup opens, it would mistakenly display all the ASI setup options as blank as if it had never been set up before. (Ticket #29765)
  • Bug fix: When the Project Modification Module displays a list of "fields to be deleted", it would mistakenly truncate the count of records/events that would be affected by the field being deleted. (Ticket #29770)
  • Bug fix: If a user opens a data entry form on a repeating event, it would mistakenly never enable the Survey Options at the top right of the page, even if the form has been saved already. (Ticket #29857)
  • Bug fix: When using Twilio telephony services for surveys and then opening the "Analyze surveys for SMS & Voice Calls" popup on the Project Setup page, it would incorrectly say that no surveys have been enabled (even though they have) if the user had failed to check at least one of the checkbox options under the "Choose survey invitations types to use" section in the Twilio configuration. (Ticket #18658)
  • Bug fix: When adding/editing the logic for a Data Quality rule, in which the logic contains a "less than" (<) character followed immediately by a function name (e.g., round) - i.e., without a space between the "<" and the function name, then the rest of the logic would get truncated when displaying the logic in the table of Data Quality rules. (Ticket #30088)

Version 7.6.10 - (released 10/25/2017)

BUG FIXES & OTHER CHANGES:

  • Improvement: Emails sent from REDCap now follow a more standardized format by including both HTML text and plain text in each email, thus making emails a bit more likely to be received by their recipients without them getting flagged as spam.
  • Major bug fix: If a user is in REDCap Messenger and using the "Search by person" option in the Search Conversations feature, then after selecting a username to search on, if the user being searched for has a conversation that has the *exact* same title as one of the current user's conversations' titles, then it would return the other user's conversation in the result (and mistakenly allow its messages to be viewed by the current user) even if the current user does not have access to that conversation. This bug is very rare since it requires using the "Search by person" option (as opposed to the "Search by keyword" option) while also requiring that both users have access to a conversation that is different but has the exact same title.
  • Bug fix: Data Resolution Workflow popup dialog might mistakenly appear empty if some comments or logged events contain certain special characters. (Ticket #29391)
  • Bug fix: The Record Home Page would not display some form status icons correctly for repeating instruments in which the first instance of the instrument does not exist - most likely because it was deleted at some point. (Ticket #28821)
  • Bug fix: The tables of repeating instruments displayed at the bottom of the Record Home Page might not display in the correct order.
  • Bug fix: If field labels contain certain special characters, then when creating/modifying a report, the auto-suggest feature when typing variable names in Step 2 or 3 would mistakenly not work. (Ticket #29354)
  • Bug fix: Confusing text is mistakenly displayed for the instructions on the "Request delete project" button on the Other Functionality page in a project that is in production status. (Ticket #29355)
  • Bug fix: Confusing text is displayed when in draft mode in a production project after a data dictionary has been uploaded. It now states explicitly that the changes have been made to the draft and thus have not been committed to the live version of the project. (Ticket #29430)
  • Bug fix: The Publication Matching module would mistakenly treat a PI's email address as separate emails if it was found to be typed in different cases (lower vs upper) in different REDCap projects. This would cause some PIs to receive emails saying that they had publications to review in REDCap, but it would say "0 publications" when they clicked the link in the email to open the page. Note: While this should fix the issue going forward, it may not fix it for publications already pulled from PubMed for the PIs. (Ticket #29381)
  • Change: For PDF exports of data entry forms with data, if a field that is normally removed from exports due to users having export rights of "De-Identified" or "Remove all tagged Identifier fields" is being piped into a label, field note, etc. in the PDF file, that field value will no longer be piped in the PDF file but will instead be redacted (i.e., replaced with the text "[*DATA REMOVED*]"). This change is made to increase security/privacy regarding de-identification of data in data exports.
  • Bug fix: When submitting data on a data entry form or survey page, the server-side validation mistakenly does not check the values submitted for an "SQL" type field. (Ticket #29401)
  • Bug fix: If a File Upload field has a file uploaded for it but also has the @READONLY action tag, the link to download the file would mistakenly be disabled, thus preventing users from downloading the file. The download link should be enabled to allow users to download the file. (Ticket #29484)

Version 7.6.9 - (released 10/18/2017)

BUG FIXES & OTHER CHANGES:

  • Improvement: Updated the Help & FAQ page with new content.
  • Major bug fix: Users could not create new user roles or edit user roles in a project. Bug was introduced in version 7.6.8. (Ticket #29067)
  • Major bug fix: Automated Survey Invitations would mistakenly not get scheduled for longitudinal projects where the conditional logic contains datediff+today and also contains cross-event logic in which one of the events has no data (i.e., empty event of gray status icons). This same issue would also occur for custom Data Quality rules, in which it would mistakenly not return any discrepancies for records if the rule logic contains datediff+today and also contains cross-event logic in which one of the events has no data. (Ticket #28516)
  • Minor security fix: While REDCap already protects against BREACH attacks by outputting invisible random text of random length onto each web page, it was mistakenly not protected if 302 redirect requests inside REDCap were being analyzed. (This refers to the few scripts in REDCap that serve as a pass-through by outputting an HTTP 302 status code and merely redirect the user to another page.) To prevent BREACH attacks through analysis of REDCap's 302 redirects, it now outputs a new HTTP header with each request, in which the header's value is random text of random length. In this way, even 302 redirect requests will return with a random content-length each time.
  • Bug fix: A fatal PHP error can occur on every project page if the REDCap web server is running PHP 5.3 or 5.4. This appears to only occur if the External Modules beta version is installed on the REDCap server. (Ticket #28628)
  • Bug fix: If a survey queue is set up in a longitudinal project, and then the event-form designations are modified afterward, it might mistakenly display some surveys in the survey queue that should not be displayed. (Ticket #28696)
  • Bug fix: If a report is being sorted by the record ID field in descending order, and the project has record auto-numbering enabled but some of the record names are not numerical (because they were created via a data import or before record auto-numbering was enabled), then the report would fail to order the results correctly. This occurs because the report would falsely assume that all record names were numerical merely because record auto-numbering was enabled, in which case it would try performing a numerical sort, which does not work as expected with non-numerals. REDCap now only attempts to perform a numerical sort of the sort fields if the fields are truly numbers (i.e., have "number" or "integer" validation or are a slider or calc field).
  • Bug fix: The cron job to trigger Automated Survey Invitations that have datediff+today in their conditional logic would stop suddenly if any ASI logic was syntactically incorrect, thus preventing other later ASIs in that same project from getting run. Additionally, the cron job might mistakenly be checking ASIs that had been disabled. (Ticket #28516)
  • Bug fix: A fatal PHP error can occur on every project page if the REDCap web server is running PHP 5.3 or 5.4. This appears to only occur if the External Modules beta version is installed on the REDCap server. (Ticket #28628)
  • Bug fix: For longitudinal projects with multiple arms and with repeating instruments, on the Record Home Page or Record Status Dashboard when clicking on the form status "stack" icon for a repeating instrument with multiple instances saved, it would mistakenly not display the floating popup list of all the instances for that instrument but would instead display an empty box. (Ticket #28970)
  • Bug fix: The Safari browser might mistakenly throw JavaScript errors on survey pages.

Version 7.6.8 - (released 10/10/2017)

BUG FIXES & OTHER CHANGES:

  • Improvement: When a calc field's value is changed, it will now display a red border on the right edge of the calc field's text box to subtly indicate that the displayed value is different from the stored value in the database. And if the calculated value gets changed so that its value matches the stored value again, the red border will disappear. This will help users make note of when calculations have been triggered and if there is any disparity between the displayed value and the stored value.
  • Major bug fix: If a calculated field in a longitudinal project is using cross-event calculations, in which at least one of the fields in the calculation has a prepended event name (e.g., [enrollment_arm_1][field]) while also one of the fields does not have a prepended event name (e.g., [feld]), then even though the calculated value displayed on the form/survey appears correct prior to saving, the field might mistakenly get saved with a blank value when pressing the Save button. This would not be noticeable by the user when entering data but only seen in a report/export or when running Data Quality rule H. Note: This issue does not appear to affect Automated Survey Invitations, calculations performed during data imports, or Data Quality rule H, but it only occurs when saving data on data entry forms and surveys in this very specific scenario described above. To fix this issue after upgrading REDCap, the user can run Data Quality rule H in the project, or an administrator can use the "Find Calculation Errors in Projects" page in the Control Center to find any affected projects.
  • Bug fix: If the PHP memory_limit configuration setting was set in units of "G" (for gigabytes) in the PHP.INI file, it would get interpreted incorrectly when attempting to increase PHP memory allocation.
  • Bug fix: When printing out a survey containing responses where some "enhanced radio buttons and checkboxes" have been selected on the survey, it would be confusing in the printout as to which choice was selected. (Ticket #28111)
  • Bug fix: Project pages would not render correctly due to JavaScript errors occurring on every page if the using Internet Explorer 8. (Ticket #28178)
  • Bug fix: When viewing a read-only survey response on a data entry form (i.e., prior to clicking the "Edit response" button), if a calculated field's value changed when the page loaded, then if the user attempted to close the browser tab or clicked a link to navigate to another page, it would mistakenly prompt them with the "Save your changes?" dialog. It should only prompt them with that dialog if they were in edit mode for that survey response.
  • Bug fix: When the Data History popup for a field on a data entry form, if two events for the field occurred at the same exact time, such as saving data with an auto-calculation event right after, those two events might mistakenly not be displayed in the correct order in the popup.
  • Bug fix: When using Table-based authentication and a user is asked to set up their password recovery question, their email address would not get displayed correctly inside the prompt if their email address contains an apostrophe, in which this would prevent them from fully setting up their recovery question. (Ticket #28439)
  • Bug fix: When a data export takes more time to complete than the set auto-logout time for REDCap, it would mistakenly prevent the data export from completing fully because the "Your REDCap session has expired" dialog would appear on the page even if the user is actively moving their cursor around or clicking on the page, which normally restarts the auto-logout timer to prevent the auto-logout from occurring while a user is still active on a page.
  • Bug fix: When using the Data Resolution Workflow module in a project containing repeating instruments while also using Data Access Groups, some of the charts displayed on the the Resolution Metrics page, specifically "Number of open queries (by data access group)" and "Number of closed queries (by data access group)", would mistakenly display incorrect counts in the chart. This issue was supposed to have been fixed in the previous release but mistakenly was only partially fixed.
  • Bug fix: If the Data Resolution Workflow (DRW) is enabled on a project, and a user has DRW user privileges but does not have Data Quality user privileges, then the "Data Quality" link would mistakenly be displayed on the left-hand menu. (Ticket #28514)
  • Bug fix: When importing data via the Data Import Tool or API import records method, if a variable in the import mistakenly had some uppercase letters when all letters should be lowercase, the error message to the user would omit those uppercase letters when displaying the incorrect variable names to the user, thus making it difficult to understand the error message to learn what is wrong. (Ticket #28293)

Version 7.6.7 - (released 10/2/2017)

BUG FIXES & OTHER CHANGES:

  • Major bug fix: If using "LDAP & Table-based" authentication and an LDAP user logs in to REDCap when a Table-based user account already exists under the same username (i.e., a username conflict), then the LDAP user would mistakenly get successfully authenticated into REDCap and would be able to view and access all the other user's projects as if they were the other user. This has been changed so that now if a username conflict occurs, in which a Table-based username is the same as a valid LDAP user's username, then when the LDAP user attempts to log in, REDCap will not allow them to log in but will give them an informational note about the username conflict and will recommend that they contact their local administrator about how to resolve the issue.
  • Major bug fix: When using the REDCap mobile app to import data for auto-numbered records into a project in REDCap that is on version 7.6.4, 7.6.5, or 7.6.6, under very specific circumstances it might not perform the record-autonumbering correctly during the import process and might mistakenly overwrite an existing record on the server with data from a new record from the mobile app. Upgrading a user's REDCap mobile app to the latest version will prevent this issue, and upgrading REDCap to versin 7.6.7 will also prevent this issue going forward.
  • Bug fix: If the Rate Limiter on the General Configuration page in the Control Center is set to "0" or a blank value, it would mistakenly ban the IP address of every user that attempted to use REDCap.
  • Bug fix: In a multi-arm longitudinal project using the Scheduling module, in which a record has been scheduled for more than one arm, the "View or Edit Schedule" page's record drop-down list would mistakenly display the record only for a single arm rather than for all arms for which it had been scheduled.
  • Change: Added a new flag on the General Configuration page in the Control Center to note if the REDCap server is a development/test/staging server (i.e., a non-production server). If the server is indeed flagged as a development/test/staging server, then REDCap will enable full PHP error reporting, thus outputting all PHP errors to the user interface in the event of an error. This can be used to aid developers or other technical folks when troubleshooting certain REDCap errors or PHP issues.
  • Bug fix: When exporting data to a statistical analysis package (i.e., SAS, SPSS, R, Stata), if the project contains Data Access Groups and also Repeating Instruments/Events, it would mistakenly list the DAG field and Repeating Instrument/Instance fields in the wrong order in the stats package's syntax file that gets generated. This would prevent users from loading the data into the stats package. (Ticket #27883)
  • Bug fix: If a user fails to enter data for a required field that exists on a repeating event, then when the required field popup prompt is displayed, if the user clicks the "Ignore and go to next form" button, it would mistakenly redirect them to the first instance of the event rather than to the current instance. (Ticket #27891)
  • Bug fix: When using the Data Resolution Workflow module in a project containing repeating instruments while also using Data Access Groups, some of the charts displayed on the the Resolution Metrics page, specifically "Number of open queries (by data access group)", "Number of closed queries (by data access group)", "Avg time to query resolution (by data access group)", and "Avg time for query response (by data access group)", would mistakenly display incorrect counts in the chart. (Ticket #27888)
  • Bug fix: When viewing drafted production changes for a project on the Control Center's To-Do List page, if a user clicks the Compare button next to a multiple choice field that has been modified inside the popup, then when they close the popup (which is a popup inside a popup), it would also mistakenly close the whole To-Do List popup (the parent popup), thus causing the user to have to re-open it again. This issue has been fixed for Chrome, Safari, and IE 11. Note: There is currently no known way to fix this bug for Firefox or older versions of IE at this time, unfortunately. (Ticket #27915)
  • Bug fix: If a Data Quality rule has been created and is set with the Real Time Execution (RTE) option, the DQ rule would fail to perform RTE on a data entry form if the form exists on repeating event, in which it would mistakenly not report any discrepancies that exist. This only occurs on repeating events but not on repeating instruments (Ticket #27960)
  • Bug fix: If data from a Notes field is being piped into a label of another field, then if the text itself contains line breaks, that text would mistakenly have double line breaks for each single line break when exporting a PDF of the instrument with data. (Ticket #27983)

Version 7.6.6 - (released 9/27/2017)

BUG FIXES & OTHER CHANGES:

  • Major bug fix: When using Automated Survey Invitations in a longitudinal project, under certain conditions ASIs with datediff+today would mistakenly not get evaluated, and thus invitations would not get scheduled/sent. This might have occurred with the second or more invitation for an instrument configured across more than one event between versions 7.4.0 and 7.6.6.
  • Minor security fix: When sending emails of any kind, REDCap now performs an extra validation on the From email address of the email being sent to ensure it is a valid email address, thus preventing any kind of injection by malicious users like those seen in the PHP mail issues CVE-2016-10033 and CVE-2016-10045.
  • Bug fix: When logging into REDCap using a mobile device, the error message would mistakenly not display if an invalid username or password was entered, which could be confusing as to why the login failed. On non-mobile devices, the error message displays properly.
  • Bug fix: When viewing surveys in the Safari browser in which the survey's "Size of survey text" is set to "Large", checkboxes and radio button fields would mistakenly not display correctly and would overlap one another a little.
  • Bug fix: When using the Survey Login on a survey that has the "Save & Return Later" option disabled, it would mistakenly display the "Save & Return Later" at the bottom of the survey page if the participant had just logged in via Survey Login. (Ticket #27389)
  • Bug fix: The Record Home Page and Record Status Dashboard could load unreasonably slowly for projects containing lots of fields, many of which have stored data values. (Ticket #27161)
  • Bug fix: When clicking the "unlock all instruments" link on a multi-arm longitudinal project's left-hand menu while viewing a record belonging to an arm that is not on the first arm, it would mistakenly not unlock all the locked instruments for that record. (Ticket #27740)
  • Bug fix: When piping data into a label, in which the data being piped contains text that looks similar to HTML tags but is not an actual HTML tag (e.g., "hello <123>"), the text inside the <...> would get mistakenly removed from the downloaded PDF file of the data collection instrument with data. (Ticket #27467)

Version 7.6.5 - (released 9/22/2017)

IMPROVEMENTS, BUG FIXES, & OTHER CHANGES:

  • Improvement: Attach PDF of responses in confirmation email - When using the “Send confirmation email” option on the Survey Settings page for a survey, that section now contains an additional option to “Include PDF of completed survey as attachment”, which will add the PDF of their responses sent to the participant in their confirmation email. This new option contains the following warning as a reminder to users: “WARNING: Since email is not considered a secure form of communication, the PDF attachment option is NOT recommended if the survey contains questions asking for identifying information (e.g., PHI).”.
  • Minor security fix: A Blind SQL Injection vulnerability was found on the User Access Dashboard page in which a malicious user could potentially exploit it by manipulating the query string of an HTTP request.
  • Minor security fix: Modified how files get deleted in a project's File Repository so that a POST parameter is used instead of query string parameter, which could subvert Cross-site Request Forgery (CSRF) protection.
  • Bug fix: REDCap Messenger was mistakenly not disabled in public projects (i.e., having no authentication enabled). Because public projects do not utilize REDCap authentication and thus store session information differently than regular projects, REDCap Messenger will be permanently disabled from inside a public project.
  • Bug fix: When the Data Resolution Workflow module is enabled in a project, and a user is viewing the DRW popup that details the history of a data query, if a user that contributed to that data query has since been deleted from the system, then it would display a blank value where their username would be in the popup history. It now says "[User deleted from system]" if the user has been deleted from the system since it is not possible to determine the username of the deleted user for that event. (Ticket #26835)
  • Bug fix: When a respondent is viewing the Stats & Charts after completing a survey, the Download Image button would fail to download an image of the chart. (Ticket #27072)
  • Bug fix: When using the Randomization module in a project and randomizing a record, strata fields that are radio buttons would mistakenly not display correctly in the randomization popup but would have the choice label overlaying the radio button itself. (Ticket #27030)
  • Bug fix: When the text-to-speech feature is enabled on a survey, clicking the speaker icon next to a survey question in order to have it speak the text would mistakenly cause the question choice to become selected/unselected for radio buttons and checkbox fields. (Ticket #27103)
  • Bug fix: When downloading a data dictionary snapshot from the Project Revision History page, if the dictionary contained any UTF-8 encoded characters, then the snapshot might not open correctly in some CSV viewers, such as Microsoft Excel, in which those UTF-8 characters would get mangled and be unreadable, whereas the normal data dictionary download (i.e., non-snapshot CSV) would open correctly and could be viewed normally with no mangling of characters.
  • Bug fix: The data import process (Data Import Tool or API) would mistakenly prevent users from importing a value for a checkbox field that has a negatively valued choice (e.g., "-1"), in which it displays an erroneous error. This appears to only occur in longitudinal projects. (Ticket #16235)
  • Bug fix: When deleting a file for a File Upload field by 1) individually deleting it on a data entry form, 2) deleting the whole data entry form's data via the Delete button at the bottom of the form, or 3) deleting a whole event's data (longitudinal projects only) for a record on the Record Home page, it would mistakenly not remove the file from the REDCap server after 30 days, even though the file appears deleted to the user. All "deleted" files should remain on the server for 30 days, after which they are deleted by a cron job, but in these scenarios, the files would mistakenly stay on the server forever as orphaned from the records to which they were originally attached. (Ticket #27303)

Version 7.6.4 - (released 9/13/2017)

IMPROVEMENTS, BUG FIXES, & OTHER CHANGES:

  • Improvement: Record auto-numbering for data imports (Data Import Tool, API, and Mobile App). For the Data Import Tool, the user may enable the new setting “Force record auto-numbering”, and in the API, the new parameterforceAutoNumber=true can be used, which will create new record names that are auto-generated by REDCap during the import process. In an upcoming version of the REDCap Mobile App, the mobile app will provide this API parameter automatically for records created in the app that did not previously exist in the project on the server. Note: This feature can only be utilized for projects with record auto-numbering enabled. Also, a record number must still be provided as a placeholder during the data import (to associate multiple rows with the same record), but that record name will be automatically changed to a new record ID generated by REDCap.
  • Improvement: When adding new choices for a multiple choice field in the Online Designer, it will now display an error message if any choices have duplicate codings (e.g., two choices both coded as "4" - "4, Pink" and "4, 4"), thus letting the user know that they should remove any duplicates because duplicates will be automatically removed when saving the field.
  • Change: A record's survey queue now only displays surveys that have been explicitly enabled in the survey queue for the project. In previous versions, it would display all completed surveys for that record, regardless of whether they were enabled in the queue. From here on out, if a user wants a survey to appear in the queue, then it should explicitly be enabled in the queue when set up on the Online Designer page. (Ticket #25965)
  • Bug fix: When viewing the Data History popup for a field, in which the record has been added to multiple arms in the project but was deleted from at least one arm, no data would be displayed in the popup for the field mistakenly.Bug fix: In certain rare cases on the Project Modification Module for multiple choice fields, the Compare button would mistakenly not parse the old/new choices correctly and give strange results displayed on the page and in the comparison popup.
  • Bug fix: If a user clicks the Enter key on their keyboard while their cursor is in the report title text box on the Create New Report page, it would mistakenly open the User Access popup.
  • Bug fix: For certain web server configurations, using the Create Custom Survey Link button on the Public Survey Link page might mistakenly not create a short link successfully.
  • Bug fix: When attempting to upload a non-XML file on the CDISC ODM tab in the Data Import Tool page, it would mistakenly display an empty popup with no error text. (Ticket #26116)
  • Bug fix: When using the @NONEOFTHEABOVE action tag on a checkbox field, if a user clicks the option to trigger the "none of the above" prompt, then it would mistakenly not trigger calculations or branching logic on the page that are affected by the unchecking of some of those checkboxes. (Ticket #26328)
  • Minor security fixes: Some Cross-Site Scripting (XSS) and Blind SQL Injection vulnerabilities were found in the Calendar module and Online Designer, respectively, in which a malicious user could potentially exploit them by manipulating the query string of an HTTP request.
  • Bug fix: When clicking the "learn about Action Tags" link in the instructional text near the top of the Online Designer page (when viewing an instrument's fields), the popup displayed would mistakenly show the Add buttons next to each tag. It should not be showing those buttons except when editing a field.
  • Bug fix: In very specific use cases where a date or datetime field is utilized in a calculation to check if the date/time is blank or not blank, it might mistakenly not be able to parse the calculation correctly or (in some extreme cases) might result in an incorrect value. This would only occur if one of the following four scenarios exist inside an "if" statement's condition for a calculated field: 1) "...and [date]=''", 2) "...or [date]=''", 3) "...and [date]<>''", or 4) "...or [date]<>''".
  • Bug fix: When using the API Import Records method using "eav" format and importing data into fields that exist on a repeating instrument, it might return an erroneous error stating that the values for 'redcap_repeat_instance' and 'redcap_repeat_instrument' were not provided, which is incorrect.
  • Bug fix: When using both Repeating Instruments and Repeating Events in a project, on certain occasions the Record Home Page might mistakenly display a "stack" form status icon (representing multiple instances of data) for instruments that actually have no data. (Ticket #26094)
  • Bug fix: If an SQL field has choices with values that contain commas, apostrophes, or quotes, then in some cases the drop-down might mistakenly not have the correct value pre-selected for the field when a data entry form or survey page is loaded, in which the field would appear blank with no option selected. (Ticket #26176)
  • Change: When setting a new URL for a project's Data Entry Trigger, it would remove the URL from the text box if the URL failed to be verified as a valid web address. It now no longer removes the value from the text box on failure but leaves it as-is. (Ticket #26315)
  • Change: When a data export takes longer than three minutes, it provides an extra notice in the progress popup (i.e., "Exporting data...") that informs the user that the export process may possibly take longer than 30 minutes and recommends that they not stop then restart the process, as it may cause it to take longer than usual. This message is to prevent users from repeatedly attempting long data exports, which in some cases could create performance issues on the REDCap server.
  • Bug fix: After scheduling a record in the Scheduling module, the "View or Edit Schedule" page might mistakenly display some HTML tags (e.g., "<br/>") inside the Notes column when viewing a record's schedule. (Ticket #26550)
  • Bug fix: Exporting a PDF of an instrument that was downloaded from the REDCap Shared Library can cause a fatal PHP error if the project's "Character encoding for exported files" is set to "Japanese (Shift JIS)" or "Chinese (UTF-8)" on the "Edit A Project's Settings" page. (Ticket #26766)
  • Bug fix: When entering certain YouTube video URLs as a Descriptive field's external video, it might mistakenly not parse the URL correctly, thus causing the video not to be playable on data entry form or survey. (Ticket #26672)
  • Bug fix: After a REDCap administrator approves a production draft mode request, the To-Do List in the Control Center would mistakenly display the request time of the last production change for all the previous production changes that have been requested in the past for that one project. (Ticket #26635)
  • Change: In the CSV Labels export data set, it now translates the choice lables Yes/No, True/False, and Checked/Unchecked in the CSV file if the project's language has been set to another language other than the default English. (Ticket #26279)
  • Bug fix: If the record ID field in a project was used as a Survey Login field, it would malfunction and always get counted as correct during the login process, even if an incorrect value was entered by a participant. This would effectively allow participants to bypass the survey login if the record ID field was the only login field being used for survey login. To prevent this issue, the record ID field is now no longer allowed to be used as a survey login field. (Ticket #26456)
  • Bug fix: When using the Double Data Entry module on a longitudinal project with multiple arms, if a user is DDE person #1 or #2, they would mistakenly see all records (across all arms) in the record list on the "Add/Edit Records" page, when instead they should only see the records that belong to the currently selected arm. (Ticket #26371)
  • Bug fix: The Control Center text discussing where a project's grant number is displayed was incorrect and has been changed to "Name of grant to be cited (optional) - displayed when users export data". (Ticket #22780)
  • Bug fix: If the REDCap server's PHP.INI configuration has the post_max_size variable set in units of gigabytes ("G") rather than megabytes ("M"), it might display an erroneous error on certain occasions saying that it has "exceeded the REDCap server's maximum submission size". (Ticket #26966)

Version 7.6.3 - (released 8/23/2017)

BUG FIXES & OTHER CHANGES:

  • Bug fix: If a project contains one or more fields using the Biomedical Ontology functionality, and a user copies the project with all its records, then the Biomedical Ontology labels that were cached for the original project mistakenly do not get copied, which can cause the value to get accidentally erased on a data entry form or survey if a user places their cursor into the Biomedical Ontology field but does not re-enter the value. (Ticket #25451)
  • Bug fix: On the Control Center's System Statistics page, the "Responded" count under "Survey invitations sent" might be slightly inaccurate. (Ticket #25361)
  • Bug fix: If a field has branching logic that includes a calc field that itself is used by another calc field, then the complex chaining of branching and calculations might not get updated on the data entry form or survey page whenever a user modifies a field's value that triggers the original calculation. The result would be that some fields might not get hidden/displayed by branching logic on the page until the page is reloaded.
  • Bug fix: Fixed typo on Locking Management page.
  • Bug fix: If a user exceeds the maximum number of failed login attempts in a set period of time and thus gets temporarily locked out, it would mistakenly not allow them to log in even if an administrator had reset their password afterward. It would instead make them wait until after the lock-out window of time had elapsed before they could log in with their new password, which is incorrect and confusing. (Ticket #23516)
  • Bug fix: If a field has branching logic that utilizes the datediff function, then when a user is hand-entering a value for a date/datetime field used in that datediff function, it might mistakenly display a popup error stating "Calculation errors exist" at the point at which the user has typed only a partial value for the field. (Ticket #25418)
  • Change: For a repeating instrument or an instrument on a repeating event, in which the instrument is enabled as a survey, if the current instance of the repeating instrument/event has not yet been saved, then it will now disable the Survey Options drop-down list at the top of the data entry form until the form has first been saved. And if a user tries to click the drop-down before that repeating form/event has first been saved, it will tell them to click the "Save & Stay" button before they can access the Survey Options. This will prevent ghost/placeholder instances from appearing in the Participant List, which occurred in previous versions. The previous behavior was regarded as generally undesirable, although not necessarily considered a bug. (Ticket #21843)
  • Bug fix: In the add/edit user privileges popup on the User Rights page, where a user can click the "Explain these settings" link to open the "Settings pertaining to project records" popup, which that explains the Create Records, Rename Records, and Delete Records privileges, that popup contained information that was very outdated and no longer correct. That text has now been updated.
  • Bug fix: When a user is viewing drafted changes in the Project Modification Module of a project in production status, if any multiple choice fields have had a choice re-labeled or had a choice removed, then when clicking the Compare button for the field, the record count in the Choices Change Summary popup would not have correct counts for choices listed as Unchanged, in which Unchanged choices would always mistakenly have "0" for "Number of records having this value". (Ticket #25851)
  • Bug fix: When clicking the Create Custom Survey Link button on the Public Survey Link page in a project, some REDCap servers might have difficulty creating a custom link successfully because REDCap was making a call to http://is.gd rather than http://is.gd For better compatibility, this has now been changed so that the https address is always called.
  • Bug fix: When a user has been assigned to a Data Access Group (DAG) and is creating a new record, if record auto-numbering is disabled in the project and the user uploads a file for a File Upload field on a data entry form before clicking a Save button on the page to create the record, then if the user later leaves the page without saving their changes via a Save button, the record would mistakenly not get assigned to the user's DAG but would instead not belong to any DAG.

Version 7.6.2 - (released 8/10/2017)

BUG FIXES & OTHER CHANGES:

  • Bug fix: When deleting a document that has been uploaded to a File Upload field on a survey, it would mistakenly display a box inside the field that asks the respondent to enter their survey access code. This only occurred on surveys and not on data entry forms.
  • Bug fix: Changed "Content-type" header to "Content-Type" in the Message PHP class because some email tools do not function properly if that header is in a different case. (Ticket #25051)
  • Change: When using the Data Resolution Workflow's dashboard for data queries that have been opened via a custom Data Quality rule that contains two or more fields in its rule logic, it now displays the record number in the dashboard as a clickable link that goes to the Record Home Page for the record. Whereas in previous versions, the record number was not a link but only text. (Ticket #24960)
  • Bug fix: When viewing the Data Resolution Workflow's Resolve Issues page and exporting the dashboard table as a CSV file, it might mistakenly output HTML character codes (e.g., ') for apostrophes, quotes, and non-breaking spaces in the CSV file. (Ticket #24833)
  • Bug fix: When clicking the "Unlock all instruments" link on a longitudinal project's left-hand menu after selecting a record, it would mistakenly only unlock the data entry forms in the current event being viewed rather than in all events for the record. Additionally, the "Lock all instruments" link on some occasions might mistakenly display an erroneous error message after being clicked. (Ticket #24861)
  • Bug fix: If two-factor authentication is enabled, and a normal user logs into REDCap when the entire system has been taken offline (via the System Status setting on the General Configuration page), then it would mistakenly display the two-step login screen and an empty, malformed popup rather than displaying the offline message. (Ticket #25148)
  • Change: Modified the explanation text for @NOW and @TODAY action tags for greater clarity with regard to their usage. (Ticket #24847)
  • Bug fix: Line breaks inside field labels do not work well in Excel on Macs when downloading a data dictionary and then re-uploading it, in which the line breaks would often get doubled after re-uploading it into REDCap. Technically, it now replaces as carriage return+line feed characters with simply a line feed character to prevent this doubling effect. (Ticket #21681)
  • Bug fix: On the Record Status Dashboard page in a project, a database query would sometimes fail specifically for MySQL 5.7 only, in which it would be unable to retrieve all the form status values to display for records on the page.
  • Bug fix: When deleting a user-uploaded file on the File Repository page in a project, it would not successfully delete the file on certain occasions.
  • Change: Added new note at top of Online Designer (when viewing an instrument's fields) that mentions using Action Tags and includes a link to open the Action Tag documentation popup to learn more about them.
  • Bug fix: On very specific and seemingly random occasions, a relatively long field label in a right-aligned field might not display correctly in the PDF download of the instrument, in which it would mistakenly display the label as one word per line rather than wrapping the text as expected. (Ticket #15336)
  • Bug fix: When a field has branching logic that is dependent on another field that is hidden/displayed due to branching logic, if a field upstream on a form/survey has a value that is later changed, then all the chained branching logic on the page would mistakenly not cascade through all fields as it should, thus leaving some fields displayed that should be hidden.

Version 7.6.1 - (released 8/4/2017)

BUG FIXES & OTHER CHANGES:

  • Change/improvement: The "Require Reason for Change" feature, which can be enabled in the Additional Customizations popup on the Project Setup page, no longer requires a reason when adding data to an empty data entry form (i.e., having a gray status icon). In previous versions, it would prompt the user for a reason even when adding new data to a form that had never had data entered before, which was deemed as unnecessarily aggressive, thus making the feature less useful to many users. So now in the event that data has never before been entered on the current instrument for a given record, the user will not be prompted for a reason (that is, until they return to the instrument at a later time and add/edit/delete data). Note: The Regulatory & Software Validation Committee has reviewed this change, and has approved it for general use.
  • Bug fix: Fixed incorrect language in plugin/hook documentation for the REDCap::saveData() method. (Ticket #24619).
  • Bug fix: When using the "Test calculation with a record" functionality for a calc field in the Edit Field popup in the Online Designer, it would mistakenly return a non-numerical value (rather than a blank value) in certain cases where an "if" statement is set to return a non-numerical value for a specified condition. It will now return "[No value]" instead. (Ticket #24612).
  • Bug fix: When using a Custom Record Label for a project, in which the fields used in the Custom Record Label exist on a repeating instrument, it would mistakenly not pull those fields' data correctly, thus causing those fields to be blank in the Custom Record Label. In this case, it now pulls the data for those fields from the first instance of the repeating instrument. (Ticket #24610)
  • Bug fix: When entering a value into a Text field or Notes field that triggers branching logic, if branching is triggered while the user is typing (before they leave the field), it would mistakenly display the "Erase current value?" prompt for any fields on the page that have values that are trying to be hidden by branching logic. It should only display that prompt when leaving the current field, not while the user is still typing inside the field.
  • Bug fix: If a calc field's equation includes another calc field, then some downstream calculations might not get updated on the data entry form or survey page whenever a user modifies a field's value that triggers the original calculation.
  • Change: The text of an error message has been modified for greater clarity when an administrator goes to approve production changes but there are no changes to approve. This happens when a user has taken the project back out of draft mode after initially requesting their changes be approved. (Ticket #24774)
  • Bug fix: On some occasions REDCap Messenger might mistakenly throw a JavaScript error if Messenger was initially closed when the page loaded but then was opened. This is due to AJAX synchronicity issues. (Ticket #24930)
  • Bug fix: When entering an email address in certain email fields on Configuration pages in the Control Center, the field validation would reject email addresses that have newer domain names (e.g., rob@cabrini.technology). (Ticket #24686)
  • Bug fix: If using the REDCap::getPDF() method inside a REDCap hook that gets called on a survey page, it would mistakenly force a PDF download on the page, in which the PDF would be corrupted and not able to be opened, instead of returning the contents of the PDF as a string to the hook. (Ticket #24999)
  • Bug fix: If a field utilizes the @NOW or @TODAY action tag on a survey or data entry form, and that field's value is also piped somewhere on that page, then the field's value will mistakenly not get automatically piped when the page initially loads. (Ticket #24994)

Version 7.6.0 - (released 7/27/2017)

BUG FIXES & OTHER CHANGES:

  • Improvement: Improved accessibility on surveys when using screen readers. Additionally, tabbing now works correct when tabbing through “Enhanced Radios and Checkboxes”, and the spacebar can be used to select a choice, as is always the case with standard radios and checkboxes.
  • New action tag: @CHARLIMIT - Sets the maximum number of characters that can be entered into a Text field or Notes field, and also displays the number of characters remaining. The format must follow the pattern @CHARLIMIT=??, in which ?? is the desired max character count (alternatively, the number value can be inside single or double quotes). NOTE: This action tag cannot be used at the same time as @WORDLIMIT for the same field. NOTE: This action tag does *not* get applied during any data imports (via API or Data Import Tool) but only operates when viewing survey pages and data entry forms.
  • New action tag: @WORDLIMIT - Sets the maximum number of words that can be entered into a Text field or Notes field, and also displays the number of words remaining. The format must follow the pattern @WORDLIMIT=??, in which ?? is the desired max word count (alternatively, the number value can be inside single or double quotes). NOTE: This action tag cannot be used at the same time as @CHARLIMIT for the same field. NOTE: This action tag does *not* get applied during any data imports (via API or Data Import Tool) but only operates when viewing survey pages and data entry forms.
  • New action tag: @RANDOMORDER - Randomizes the order of multiple choice field options as displayed on survey pages and data entry forms, in which their order will be different each time the page is loaded. NOTE: This action tag can only be utilized for the following field types: Checkbox, Radio, Drop-down, Yes-No, and True-False. This tag also works for enhanced radios and checkboxes on surveys.
  • New action tag: @HIDECHOICE - Hides one or more choices of a multiple choice field. This action tag is useful if you wish to retire a particular choice after utilizing it for a while in data collection, thus allowing you to hide the choice from that point after without orphaning any of the choice's data, which would happen if you simply deleted the choice. The format must follow the pattern @HIDECHOICE='??', in which the coded values should be inside single or double quotes for the choice(s) you wish to hide. If more than one choice needs to be hidden, then provide all the coded values separated by commas. For example, to hide the choice 'Monday (1)', you would have @HIDECHOICE='1', but if you wanted to additionally hide 'Tuesday (2)', you would have @HIDECHOICE='1,2'. NOTE: If the hidden choice has already been selected for a given record, then the choice will not be hidden on the survey or form for that record/event. NOTE: Hidden choices will still appear in reports and data exports. NOTE: This action tag can only be utilized for the following field types: Checkbox, Radio, Drop-down, Yes-No, and True-False. NOTE: This action tag works only in limited fashion with a matrix of fields, in which it will simply hide the checkbox/radio but still display the column for that choice in the matrix.
  • New action tag: @ NONEOFTHEABOVE - Allows for the designation of a checkbox choice to be a 'none of the above' option, thus ensuring that no other choices are checked if that one choice is selected. This means that if that particular option is selected, it will alert the user that all other checked-off choices will be unchecked. And if the 'none of the above' option is already checked when the user checks off another choice, it will automatically uncheck the 'none of the above' option. This action tag makes it possible to have a 'none of the above' option without the risk of users mistakenly having other choices selected at the same time. The format must follow the pattern @NONEOFTHEABOVE=??, in which ?? is the coded value of the 'none of the above' checkbox choice - e.g., @NONEOFTHEABOVE=98. Alternatively, it is possible to set multiple options as a 'none of the above' option at the same time, in which the coded values must be comma delimited inside single or double quotes - e.g., @NONEOFTHEABOVE='45,99'. This is useful for certain situations, such as if you have a 'none of the above' option and also have a 'refuse to answer' option, thus allowing either of those to be the only option that can be selected at a time. NOTE: This action tag can only be utilized by Checkbox fields.
  • Improvement: New "Save & Exit Record" button on data entry forms - After being clicked, the user is taken back to the Record Home Page to select another record or create a new one.
  • Improvement: New "Save & Go To Next Record" button on data entry forms - After being clicked, the user is taken to the Record Home Page for the record that follows the record just edited (according to the record order seen on the Record Status Dashboard).
  • Minor security fix: The Bootstrap framework was upgraded to the latest version (3.3.7) due to a minor vulnerability in the framework.
  • Improvement: The Configuration Check page in the Control Center will now detect if any non-versioned files(that reside in the main "redcap" directory but are not inside a version directory) are out-of-date, and if so, will provide a zip file of the files to be replaced.
  • Improvement: Branching logic now begins to get executed slightly earlier when leaving a text field (e.g., via tabbing) on a data entry form or survey page. This eliminates certain workflow issues, such as when a user's cursor mistakenly skips over previously hidden fields that become suddenly visible due to branching logic being triggered by leaving the initial field. So overall, it improves the behavior of tabbing through a survey or form when branching logic is used.
  • Improvement: Branching logic and calculations now get executed more efficiently when triggered by adding/modifying field values on a survey page or data entry form, in which they now get executed only for the fields for which they are a trigger. This is much better than executing branching logic and calculations for all fields on the page, which was the case in previous versions.
  • Improvement: The App Data Dumps tab on a project’s REDCap Mobile App page now displays the records and the uploaded file list in a more manageable fashion for any emergency data dumps that are listed on that page.
  • Bug fix: When using the Survey Auto-Continue feature for a set of surveys that exist on a Repeating Event in a longitudinal project, if a participant completes a survey, it would always mistakenly send them to the next survey in the first instance of the Repeating Event instead of sending them to that survey in the current instance of the Repeating Event. So their responses for the following surveys would not get stored in the correct instance of the Repeating Event.
  • Bug fix: In some cases where date values might have trailing spaces (e.g., "2017-12-31 "), it would mistakenly cause the datediff() function to not always work correctly in calculated fields and in Automated Survey Invitation conditions, among other places where datediff() can be utilized. (Ticket #24243)
  • Change: When opening the "Upload document" popup for a File Upload field, it now no longer displays the field's variable name in the popup. It now only displays the field label. Displaying the variable name was deemed unnecessary and unuseful, especially for survey participants.
  • Bug fix: If a user loads a survey page or data entry form, in which a required field already has a value at the time the page is opened, then if the value is removed and the page is saved, it would mistakenly give the required field prompt saying that the required field was left blank, which is incorrect.
  • Bug fix: When repeating instruments have been enabled in a project, and some instances of a repeating instrument have been deleted for a given record, then when viewing the record on the Record Status Dashboard, the form status icon displayed in the table for the repeating instrument might be an incorrect color (e.g., blue stack icon instead of green stack icon). (Ticket #23370)
  • Bug fix: When copying a project, in which the reports are copied but users/roles are not copied, if a report had custom user access set, then that same report in the new project would end up in a limbo state where it appears that all users can access it but mistakenly no one can access it (except users with Edit Reports privileges via the "My Reports & Exports" page). (Ticket #23918)
  • Change: On the Project Modification Module, the Commit, Reject, and Reset/Delete buttons at the bottom of the page for administrators now have a short description next to them to explain what they do (in case administrators get skittish about clicking the buttons without fully understanding them first).
  • Change: Removed the use of expression(this.width > ...) in CSS inline style of embedded images (e.g., survey logo, descriptive field attachment) since it is no longer necessary in the web browsers that REDCap supports.
  • Bug fix: When viewing the Data History popup for a field when viewing a record on a data entry form, if the record had been deleted in the past but later another record was created with the same record name, then it would mistakenly also display the logging for the deleted record in the Data History popup. (Ticket #24444).
  • Bug fix: When using the datepicker/datetimepicker widget for setting the value of a text field, if the field has a min or max range validation set, then it would prevent the user from selecting a new month or year in the datepicker if the existing value in the field is currently out of range. This made it extremely difficult to use the datepicker well if range validation is used on the field. (Ticket #24049).
  • Bug fix: When clicking the Compare button for a multiple choice field on the Draft Mode field comparison page, if a multiple choice option has a comma in its label, then the resulting popup comparing the choices would mistakenly truncate the choice label at the comma. (Ticket #24566).

Version 7.5.2 - (released 7/18/2017)

BUG FIXES & OTHER CHANGES:

  • Major bug fix: In very specific scenarios, deleting a record in a project might mistakenly delete a scheduled survey invitation for a record with the same name in another unrelated project. This would result in random survey participants not receiving their invitations. This issue occurs very seldom. (It was thought that the major bug fix listed in REDCap 7.4.5's release notes was responsible for this, but it was found not to be.)
  • Bug fix: When entering the equation for a calc field in the Edit Field popup in the Online Designer, if the project is in Draft Mode while in production, then any fields referenced in the calculation that exist only in Draft Mode will cause the logic checker to mistakenly say "Error in syntax" right below the equation in the popup. (Ticket #23886)
  • Bug fix: If viewing a survey that has "enhanced radio buttons and checkboxes" enabled, it would display a checkbox with Left/Horizontal alignment on the survey mistakenly as a single column of buttons rather than as two columns. Horizontally-aligned radios/checkboxes should always display as two columns of buttons, except on small mobile devices.

Version 7.5.1 - (released 7/12/2017)

BUG FIXES & OTHER CHANGES:

  • Medium security fix: A cross-site scripting vulnerability was found that could be exploited by a malicious user by manipulating the query string of an HTTP request or REDCap link.
  • Medium security fix: A cross-site scripting vulnerability was found that could be exploited by a malicious user by manipulating text strings input into conversation titles or messages in REDCap Messenger.
  • Major bug fix: On certain occasions, the cron job that schedules Automated Survey Invitations containing conditional logic using datediff() with "today" as a parameter might mistakenly remove survey invitations that have been scheduled for another project. This would result in random survey participants not receiving their invitations. This issue occurs very seldom.
  • Minor security fix: A couple functions (e.g., deleting files in the File Repository or on File Upload fields) were mistakenly not being protected from Cross-site Request Forgery (CSRF) attacks by potential malicious users.
  • Change: A note was added for clarification at the bottom of the Data Quality module to denote that for Rule E the term 'outlier' refers to a value that is more than two standard deviations from the mean.
  • Bug fix: When clicking the "Tell me more" link inside the Survey Login popup in the Online Designer, it would mistakenly display the hidden instructional text.
  • Bug fix: When using the Data Dictionary Upload page to import a field that has a certain type of invalid branching logic, then it can mistakenly throw a fatal PHP error and prevent the file from successfully uploading rather than gracefully catching the error. (Ticket #23658)
  • Bug fix: When exporting the REDCap XML file (containing metadata and data) on the Other Export Options page, that option's download icon's "title" attribute would mistakenly say "Download PDF with all data", which is incorrect. (Ticket #23674)
  • Bug fix: The Data Dictionary upload process would mistakenly not catch the error where a min or max validation range is provided without a value for the field validation type. (Ticket #23440)
  • Bug fix: When "enhanced radio buttons and checkboxes" are enabled on a survey, radio or checkbox fields that have vertical alignment were mistakenly not displaying their choices as one choice per line, which is what vertical alignment dictates, but instead they were displaying as two choices per line - except on mobile devices in which it always displays one choice per line. (Ticket #23748)
  • Bug fix: When adding a custom Data Quality rule for a project in production, it might mistakenly return an error saying that the fields in the rule logic do not exist as real fields in the project. (Ticket #23515)
  • Bug fix: For longitudinal projects with multiple arms in which the project has the Custom Record Label or Secondary Unique Field enabled, if a user views a calendar event that is attached to a record (either as an ad hoc calendar event or generated via the Scheduling module), then when viewing the calendar event in the popup, it would mistakenly only display the Custom Record Label or Secondary Unique Field for records in the first arm. For records existing only in other arms, the value would mistakenly be blank. (Ticket #23367)
  • Bug fix: When repeating instruments have been enabled in a project, and some instances of a repeating instrument have been deleted for a given record, then when viewing the record on the Record Home Page, the form status icon displayed in the table for the repeating instrument might be an incorrect color (e.g., red stack icon instead of green stack icon). (Ticket #23370)
  • Change: The PHP constant USERID and global variable $userid set by REDCap will now always be lower case regardless of whether a user has logged in using a different case for their username. (Ticket #23062)
  • Change/improvement: When using Twilio telephony services in a project and having respondents complete surveys via SMS messages, if a respondent has SMS auto-reply enabled for their phone number, it can cause an infinite loop of bounce-backs that will quickly deplete the REDCap user's Twilio account of funds. The SMS survey will now max out at 10 invalid responses per minute before automatically ending the survey. (Ticket #23050)

Version 7.5.0 - (released 6/29/2017)

NEW FEATURES, BUG FIXES & OTHER CHANGES:

  • New feature: PDF download for survey respondents - On an instrument's survey settings page, a user may enable the option "Allow participants to download a PDF of their responses at end of survey?". This option will display a button for the survey participant to download a PDF file of their responses for the survey they just completed. Users may also download this same copy of the PDF since it has been added as a new PDF download option at the top of data entry forms.
  • New feature: Allow users to generate API tokens on their own - A new optional setting on the User Settings page in the Control Center will grant all users or selected users the ability to generate API tokens on their own without a REDCap administrator having to generate them on their behalf. If set to "Yes, allow selected users", then an administrator will have to enable the setting on a given user's account via the Browse Users page to allow them to generate their own tokens. If set to "Yes, allow all users", then any user will be able to generate their own API token for a project any time they wish. Note: This system-wide setting on the User Settings page defaults to "No, an administrator must approve each token request", which is the behavior in previous versions of REDCap.
  • Medium security fix: A cross-site scripting vulnerability was found that could be exploited by a malicious user or survey respondent uploading a specially designed file for a File Upload field (or manipulate the HTTP request during the upload process) on a survey page or data entry form.
  • Improvement: When copying a project that has the Dynamic Data Pull (DDP) module enabled, it will now copy the DDP field mappings in the project. Note: The DDP module will still be initially disabled in the new project, but after an administrator enables it for the user, the mappings that were copied will then appear.
  • Bug fix: When clicking the "Add new" button on the Record Home Page to add a new repeating event for a record, if the event/form table is large enough on the page, the table may mistakenly disappear on certain occasions after clicking the button. (Ticket #23165)
  • Bug fix: If a logged-in user knows how to manipulate a specific HTTP request to the REDCap server, they might be able to learn the project title of any given project.
  • Bug fix: For longitudinal projects with multiple arms that utilize repeating instruments, if a record exists on more than one arm, the Record Home Page would mistakenly display the repeating instruments tables from other arms for that record.

Version 7.4.3 - (released 6/22/2017)

BUG FIXES & OTHER CHANGES:

  • Improvement: When the Data Resolution Workflow module is enabled for a project, the Resolve Issues page now has an Export button to allow users to download the data resolution dashboard as a CSV file. The page also allows users to view "all status types" using the first filter drop-down in the dashboard table.
  • Change: When designating instruments for events on a longitudinal project's "Designate Instruments for My Events" page, normal users will no longer be able to undesignated an instrument from an event if the project is in production (REDCap administrators will still be allowed to do this though). This is to protect users from mistakenly undesignating instruments after collecting data in production, which would orphan the data.
  • Change/improvement: The Data Search feature on the "Add/Edit Records" page performs slightly better regarding the ranking of search results returned, in which it now lists exact word matches first in the list of results. Additionally, the Data Search feature now returns a maximum of 25 matching values, whereas previous versions returned a maximum of 15.
  • Bug fix: A user might not receive email notifications regarding new REDCap Messenger messages if they have had Mobile App or API activity after logging out and then receiving new messages.
  • Bug fix: When viewing a survey or data entry form on a tablet, in which an inline image attachment is displayed in a Descriptive field on the page, it would mistakenly display the image at a smaller size than expected if the image is larger than 250 pixels wide.
  • Bug fix: When typing a calc equation, branching logic, report filer, etc. into a text box where it provides variable auto-suggestions, depending on the REDCap server configuration, it might mistakenly not display suggestions for fields but instead display an error message.
  • Bug fix: When a project is in production but not in Draft Mode, it would mistakenly display the "REDCap Shared Library" button and "Check For Identifiers" link on the Project Setup page. (Ticket #22605)
  • Bug fix: When exporting and re-importing a project XML file of metadata to create a new project, if any multiple choice fields have option labels that contain HTML tags, then all options for that field that do not contain HTML in their label would mistakenly get lost and would not appear in the newly created project. (Ticket #22610)
  • Bug fix: When entering branching logic in the "Add/Edit Branching Logic" popup on the Online Designer, if the project is in production and in Draft Mode, then it would mistakenly report "Error in syntax" if the logic contains a variable name that is on a new instrument that exists in Draft Mode but not in the production version of the project. (Ticket #22604)
  • Bug fix: When using the drag-n-drop option in the "Add/Edit Branching Logic", the operator drop-down was missing "<>" as an option. (Ticket #22596)
  • Bug fix: When clicking the "reset" link for a radio button field on a data entry form or survey page, if fields immediately below to become visible due to branching logic after the link is clicked, then in certain cases the value of the radio button field would mistakenly not get reset.

Version 7.4.2 - (released 6/13/2017)

BUG FIXES & OTHER CHANGES:

  • Bug fix: When clicking the "fetch" link for a user on the User Access Dashboard, in which the user has never accessed that particular project, the spinning icon would mistakenly continue to spin forever instead of displaying "never".
  • Bug fix: When a participant is using the Survey Login feature to log in to a survey, it would mistakenly not display the survey instructions on the first survey page unless the "Save & Return Later" option had been enabled for the survey. It now always displays the instructions on the first page regardless. (Ticket #21646)
  • Bug fix: When clicking the "fetch" link for a user on the User Access Dashboard, in which the user's username has an "@" sign in it (e.g., their username is their email address), the spinning icon would mistakenly continue to spin forever instead of displaying the timestamp or "never".
  • Bug fix: When executing a rule on the Data Quality module, if the discrepancy results return fields whose field label text is not saved correctly (mangled encoding that results in a black diamond character), then the popup containing the discrepancies will mistakenly not open when the user clicks the "view" link for that rule.
  • Bug fix: If a survey participant has clicked the button to change the survey font size at the top of the survey, and then they view a survey page where a drop-down field or text field is initially hidden by branching logic but is revealed later via branching logic on that page, the previously hidden field will mistakenly be very thin and almost invisible.
  • Bug fix: If the Scheduling module is enabled in a project, it would mistakenly allow a user that does not have "Create Record" user privileges to create a new record if they click the "Generate Schedule" button without having selected a record from the "choose existing unscheduled" drop-down list. (Ticket #10111)
  • Bug fix: When a participant is taking a PROMIS/Neuro-QoL survey (adaptive or auto-scoring only) for the first time ever for the REDCap server, it might mistakenly fail to auto-retrieve the PROMIS API keys if the REDCap server's institution name or grant funding text on the General Configuration page contains HTML tags. This would prevent the PROMIS service from functioning at all.
  • Bug fix: When sorting projects in the My Projects list by clicking the Records or Fields header in the table, it would mistakenly not sort them correctly if the number contained a comma. (Ticket #21778)
  • Bug fix: When executing Data Quality rule F in a project that has checkbox fields on Repeating Instruments, it might mistakenly display false positives as discrepancies for those checkbox fields. (Ticket #13555)
  • Change/improvement: To allow text boxes to expand flexibly, an "Expand" link was added below the "Send confirmation email" message box on the Survey Settings and also below the User Comments text box on the Browse Users page when editing a user's account in the Control Center.
  • Bug fix: If an "Account Manager" is searching for other users on a project's User Rights page or the Browse Users or Browse Projects pages in the Control Center, it would mistakenly not list suspended users in the results returned.
  • Change: The "Review Drafted Changes" page in a production project now gives a bigger warning if a user is attempting to change the Record ID field's variable name after data collection has begun.
  • Bug fix: If the survey confirmation email is enabled or if survey notifications are enabled for a given survey that is enabled as a repeating survey, it would mistakenly not send the emails if the survey has the "Before survey is completed" option set for the location of the repeating button on the survey page. (Ticket #22276)
  • Bug fix: The Repeating Instrument tables displayed at the bottom of the Record Home Page for a project with Repeating Instruments might mistakenly display the tables in incorrect order.
  • Bug fix: If a file is uploaded to a File Upload field on a data entry form or survey for an existing record, and then the link is clicked to download the file, it would only display "ERROR!", which is non-descriptive and confusing, whereas now it gives a more full error message stating that the form/survey must first be saved before the file can be downloaded. Also, if a file is uploaded and then deleted via the "Remove file" link, it would mistakenly display "ERROR!" in that field with no option to re-upload a field. Additionally, to be consistent with all this behavior, users will no longer be able to send the file via the Send-It button below it until the data entry form has first been saved and reloaded. (Ticket #22022)
  • Bug fix: The drop-down list of records on the "Add/Edit Records" page would mistakenly display HTML tags if the Custom Record Label or Secondary Unique Field label contained HTML tags. (Ticket #22351)
  • Bug fix: When importing data for checkbox fields via the Data Import Tool or API, in which the checkbox exists on a Repeating Instrument, it would mistakenly display an error saying that the value cannot be imported. (Ticket #22387)
  • Bug fix: When viewing the My Projects page, Control Center, or other non-project pages, the top nav bar might mistakenly be displayed as two rows rather than one. (Ticket #22469)
  • Change: Invitation reminders are now displayed by default in the Survey Invitation Log. In previous versions, the "Display invitation reminders?" checkbox would have to be checked in order to see the reminders. Not initially seeing the reminders would cause some users to mistakenly assume that nothing was scheduled.
  • Change/improvement: When adding a secondary or tertiary email address to a REDCap user account, the language has been modified on the email verification page for greater clarity when the current logged-in user clicks the link and they are not the requester. This can happen sometimes when one user is authorizing another user to use their email address for their REDCap account's secondary or tertiary email. (Ticket #21780)

Version 7.4.1 - (released 5/29/2017)

BUG FIXES & OTHER CHANGES:

  • Improvement: If a record has any calendar events (included scheduled events) that will occur in the next 7 days, it will display a button above the table on the Record Home Page. The button will note how many calendar events there are for the current record in the 7 days, and when clicked, it will display the next 7 days worth of calendar events in agenda mode view.
  • Improvement: If a record has any survey invitations that are scheduled to be sent in the next 7 days, it will display a button above the table on the Record Home Page. The button will note how many upcoming invites are scheduled for the current record in the 7 days, and when clicked, it will display a table of the send time and survey title for the next 7 days worth of scheduled invites.
  • Improvement: When the Dynamic Data Pull (DDP) module is enabled for a project, it will now display a record's number of items to adjudicate when viewing the record on the Record Home Page, and additionally clicking the View button allows to user to adjudicate new items for the record on the Record Home Page.
  • Improvement: When the Dynamic Data Pull (DDP) module is enabled for a project, the DDP adjudication popup now displays a gray header for each data entry form of fields displayed in the popup. This makes it more clear to which form the fields belong.
  • Bug fix: If the REDCap web server is running PHP 7.1, numeric survey access codes for Twilio telephony services could never be created and could cause some processes to go into infinite loops until the PHP script crashed. (Ticket #21169)
  • Bug fix: When using Twilio telephony services and sending an SMS survey invitation for participants listed in the Participant List for the first instrument, it would mistakenly keep asking the participant for their survey access code via SMS after they initially replied back via SMS, thus preventing them from starting the survey. (Ticket #20303)
  • Bug fix: If the 'records' parameter in the API "Delete Records" method is passed as a string instead of an array, it would mistakenly return a "1" for success, even though it did not delete any records. (Ticket #21424)
  • Bug fix: When the cron job is running for the Publication Matching module, it might mistakenly throw a fatal PHP error and halt the cron job mid-way through completing in certain situations. (Ticket #21347)
  • Bug fix: If a field used in the Survey Login has another field's value being piped into its field label, then the Survey Login screen would mistakenly not perform the piping. (Ticket #19610)
  • Bug fix: When one of the "Number...comma as decimal" field validation types is used for a field that also has a field min/max range validation set, then when importing data into the field via Data Import Tool, it would display erroneous error messages saying that the value is out of range. (Ticket #20959)
  • Bug fix: When using the designated survey email field on a survey, if a value is entered for the field, then the field would mistakenly be disabled on the survey page. It should only be disabling the field on the survey if the user entered the email address into the Participant List and if the user has also enabled the designated email field, which exists on that survey. This is done to prevent the email address in the Participant List and the email from the designated email field from getting out of sync. But it should not be disabling the field if the email value does not come from the Participant List. (Ticket #21504)

Version 7.4.0 - (released 5/17/2017)

NEW FEATURES, BUG FIXES, & OTHER CHANGES:

  • New feature: REDCap Messenger
    • REDCap Messenger is a communication platform built directly into REDCap. It allows REDCap users to communicate easily and efficiently with each other in a secure manner. At its core, REDCap Messenger is a chat application that enables REDCap users to send one-on-one direct messages or to organize group conversations with other REDCap users. REDCap Messenger is also the best and easiest way to share documents with other REDCap users, in which you can upload documents and embed pictures inside any given conversation.
    • View more info here
    • Watch 10-minute video on REDCap Messenger
  • Improvement: The generic field validation error message ("The value you provided could not be validated because it does not follow the expected format. Please try again.") has been improved, in which it now additionally displays "Required format:" and the name of the field validation (e.g., "Datetime (D-M-Y H:M)") in the error prompt so that there is no ambiguity about what the format should be.
  • Bug fix: When calculated fields utilize date/datetime fields in certain ways, such as inside the condition of if() functions or comparing the date/datetime value to "" or "NaN", it can return an incorrect value on data entry forms (via JavaScript) or during a data import or Data Quality rule H (via PHP). (Ticket #21030)
  • Bug fix: When searching for users in the Control Center on the Browse Users and Browse Projects pages, it would mistakenly not return suspended users in the search. (Bug emerged in REDCap 7.3.6.)
  • Bug fix: Reports that use advanced logic containing datediff functions strung together with ORs (e.g., datediff(...)>6 or datediff(...)<40 ) would not return any matching records/events for the datediffs that contained one or both date parameters having blank/null values. This appears to only affect reports.
  • Change/improvement: The password security questions for Table-based users have now had their language abstracted, so they are now translatable like other stock text in REDCap.
  • Bug fix: If a survey instrument has fields from it being displayed in a report that is set to show the survey identifier and survey timestamp fields, in which that survey instrument is set to be a repeating instrument or is on a repeating event, then the survey identifier and timestamp fields would mistakenly only ever display a blank value instead of the real value in the report.
  • Bug fix: In a project with Double Data Entry enabled, if a user is DDE user #1 or #2 and enters a page where DDE users are not allowed (e.g., Data Import Tool) and is thus presented with a yellow error message stating that the page is disabled, it would mistakenly make the links on the project's left-hand menu into dead links or will point to the wrong URL.
  • Change: The font size of the text fields for Link Label and Link URL on the "Set up project bookmarks" page were too small.
  • Change: On the API page in a project, for users that are not Administrators, it no longer displays a list of all users in the project who have API tokens. This is to adhere to a more conservative security policy. (Ticket #20048)
  • Bug fix: Data Quality rule G would mistakenly return discrepancies for checkboxes that exist on an instrument set as a Repeating Instrument. (Ticket #19259)
  • Bug fix: On the Record Home Page of a project that has repeating instruments, it would mistakenly display the table listing all instances saved for a repeating instrument even if the user does not have Data Entry user privileges to that particular instrument. It now no longer displays the table. (Ticket #20554)
  • Bug fix: SQL fields were mistakenly not displaying on the "Stats & Charts" page. (Ticket #20195)
  • Change/improvement: Added an optimized version of the cron job that checks all conditional logic in Automated Surveys Invitations that use "today" inside a datediff() function.
  • Bug fix: When creating a Custom Record Status Dashboard with filter logic that returns no records, it would mistakenly display all the project's records in the dashboard table on the page. (Ticket #21103)
  • Bug fix: If HTML tags are used in the Custom Record Label, then those tags will mistakenly be displayed at the top right corner of an exported PDF containing record data. It now strips out any HTML tags in the PDF for the Custom Record Label. (Ticket #21229)
  • Bug fix: If creating a project using a Project XML file that contains a data collection instrument with no fields other than the Form Status field, that instrument would mistakenly not get created in the new project, and if longitudinal, will throw an error and prevent the project from even being created.
  • Bug fix: When repeating events are enabled in a longitudinal project, if a user clicks the "Add new" button on the Record Home Page to add a new repeating event, then the column mistakenly does not duplicate correctly if the table is wide and employing floating table headers/column. (Ticket #20267)
  • Bug fix: When renaming a Data Access Group on the DAG page, if the DAG name contains non-Latin characters, it would mistakenly not saved the DAG name correctly. (Ticket #20958)
  • Bug fix: The "Order by another field" customization on the Project Setup page's "Additional customizations" popup was no longer working on the drop-down list of records on the Record Home Page. Bug emerged in version 7.0.0. (Ticket #15091)
  • Bug fix: If a field utilizes the @DEFAULT action tag on a survey or data entry form, and that field's is also piped somewhere on that page, then the field's value will mistakenly not get automatically piped when the page initially loads. (Ticket #21288)
  • Bug fix: Values for the fields "redcap_repeat_instrument" and "redcap_repeat_instance" would not get fully validated during a data import, thus causing the data to get mistakenly imported into non-repeating events/instruments and orphaning some of the data after the import completed. (Ticket #21100, #20028)

Version 7.3.6 - (released 5/17/2017)

BUG FIXES & OTHER CHANGES:

  • Major bug fix: Specific usages of the "if" function in calc fields would cause opposite results for auto-calcs and for Data Quality rule H. This includes the usages below. (Ticket #17479, #18945, #17882)
    • if ([field] = "NaN", ... , ...)
    • if ([field] <> "NaN", ..., ...)
    • if ([field] = "", ..., ...)
    • if ([field] <> "", ..., ...)
  • Change: The user auto-suggest on the User Rights page no longer returns suspended users when searching for users to add to the project.
  • Change: The DataQuality::renderResolutionTable method was not checking for $_GET['assigned_user_id'] in resolve.php. (Ticket #20630).
  • Bug fix: At the top of the data entry form when viewing a survey response, it would incorrectly list an API user as a contributor to that response when the API user has imported data values for *any* field for that record, not just fields on that particular survey instrument. It now only lists contributors who have modified values on that instrument. (Ticket #20452)
  • Bug fix: When executing Rule C "Field validation errors (incorrect data type)" in the Data Quality module, it would mistakenly return false positives in the discrepancy list when there exist no fields in the project having field validation and also when there are no slider fields or calc fields.
  • Bug fix: When sending multiple attachments in an email sent from a hook or plugin using the Message class in REDCap, it would mistakenly attach extra empty text files to the email for some email providers.
  • Bug fix: The auto-generated unique event name for events in a longitudinal project might mistakenly begin or end with an underscore, which might cause erroneous errors when using a unique event name in report filter logic or in other similar logic. (Ticket #20301)
  • Change/improvement: Alt text was added to the increase/decrease font images displayed at the top of the survey page. (Ticket #20577)
  • Bug fix: The API Playground mistakenly displays a drop-down of events for the Delete Record method when it should instead display a drop-down of arms. (Ticket #20599)
  • Bug fix: The data search on the Add/Edit Records page will mistakenly never return any results when searching over "All fields" when the REDCap web server is running PHP 7. (Ticket #20111)
  • Bug fix: When renaming a record on the Record Home Page, it would mistakenly allow users to enter illegal characters in the record name, such as ampersands, apostrophes, plus signs, and pound signs. (Ticket #19719)

Version 7.3.5 - (released 4/28/2017)

BUG FIXES & OTHER CHANGES:

  • Bug fix: If a survey has "Enhanced Radios and Checkboxes" enabled, and a radio or checkbox is selected by a participant on the survey page and then the field gets hidden by branching logic, then if the field later becomes visible again due to branching logic, it would mistakenly still seem to be selected even though it is not really selected. (Ticket #19034)
  • Bug fix: If using the Online Designer's "Copy" button to copy an instrument containing a matrix of fields, it would mistakenly not append the specified suffix (e.g., "_v2") to the matrix group name but would instead append a random string of alpha-numeric characters. (Ticket #19333)
  • Bug fix: If deleting an event of data on a record's Record Home Page, it would mistakenly not delete all the event data if the event contained one or more repeating instruments that had some data saved on non-first instances of the instrument. (Ticket #17694)
  • Bug fix: If a user is locking all forms across all events on the Record Home Page for a record that has repeating events of data in a project with Repeating Events enabled, it would mistakenly not lock any empty forms (i.e., having a gray status icon) that exist on a repeating event, excluding the first repeating instance. Additionally, empty forms on repeating events (excluding the first repeating instance) were showing up as locked on the Record Home Page (i.e., having lock icon) even though they were not really locked. (Ticket #17615)
  • Bug fix: When using the Scheduling module in a longitudinal project that contains repeating instruments, in certain cases a record might mistakenly not be displayed in the "choose existing unscheduled" drop-down on the Scheduling page, thus preventing the user from scheduling certain records. (Ticket #17272)
  • Bug fix: When enabling the Survey Login feature in a multi-arm longitudinal project, if a record does not exist in an arm whose fields/events are specified as the login fields, then the survey login page would mistakenly display an error saying that the login form could not be displayed (and thus provide no way to log in to the survey). In this scenario, it should instead bypass the survey login form and display the survey page since the record exists in another arm as the specified login fields, thus the record should not be subject to it. (Ticket #18430)
  • Bug fix: When using the Survey Queue and selecting the option to display the survey in the queue "when the following survey is completed", it was only checking to see if that instrument was completed as a survey. It should have also been checking if the instrument had been set to a Form Status of "Complete" on a data entry form, which is how Automated Survey Invitations have always behaved for this same setting. This was causing some surveys to show up as not having been completed in the participant's survey queue. (Ticket #15640)
  • Bug fix: When using the Survey Queue and referencing a value from a repeating instrument inside the conditional logic for the survey queue item, it might mistakenly not display the survey in the queue or might show it as not having been completed when it was completed as a data entry form. (Ticket #15640)
  • Bug fix: When viewing a tall multi-page report in a project, in which it utilizes the floating headers on the report table, if the user switches between pages of the report, it might mistakenly cause part of the table headers to suddenly appear below the page footer at the bottom. (Ticket #19676)
  • Bug fix: When importing data via the Data Import Tool, if any error messages contain a comma in the text, it would mistakenly truncate the error message at the comma when displaying it on the page for the user.

Version 7.3.4 - (released 4/21/2017)

BUG FIXES & OTHER CHANGES:

  • Improvement: The redcap_repeat_instance and redcap_repeat_instrument values will now be sent as parameters for Data Entry Triggers. Note: If the current event/instrument is not a repeating event or repeating instrument, respectively, then these parameters will not be included in the DET request. (Ticket #18794)
  • Improvement: The repeat_instance parameter was added to the following hook functions: redcap_data_entry_form, redcap_data_entry_form_top, redcap_save_record, redcap_survey_complete, redcap_survey_page, and redcap_survey_page_top. NOTE: In order to utilize this new parameter in REDCap, you must add $repeat_instance as the last parameter in the function definition of the functions above in your hook functions file on your web server. (Ticket #18794)
  • Improvement: The repeat_instance parameter was added to the REDCap::getPDF() method for plugins/hooks. (Ticket #18794)
  • Bug fix: When renaming a record on the Record Home Page, it would mistakenly not trim off any spaces accidentally added to the beginning or end of the new record name, thus leaving the record in a limbo state where it is not accessible in data entry forms and could not be deleted.
  • Bug fix: If a text field that lacks integer or number validation has a trailing space in its value and is then used in the equation of a calculated field, the resulting calculation as seen on data entry forms and survey pages might mistakenly be incorrect, whereas data imports and Data Quality rule H would perform the calculation correctly. (Ticket #19037)
  • Change: Added a "Cancel" button to the bottom of the Data Dictionary Upload page and Data Import Tool to more easily allow users to start over when halfway through the upload process. (Ticket #19035)
  • Bug fix: In certain versions of Internet Explorer, the "Cancel" button would not work correctly and would mistakenly submit the form on the following pages: Copy Project page and Create/Edit Survey page. (Ticket #18996)
  • Bug fix: When collapsing many repeating events on the Record Home Page (by clicking the left/right arrow button), then uncollapsing them, then repeating this process several times, the user's browser may get bogged down and crash. And it may even mistakenly ban the user's IP address from REDCap, after which they would have to be unbanned.
  • Bug fix: When exporting data to a stats package (e.g., SPSS, SAS, R, Stata) for a project that contains repeating events or repeating instruments, if the report being exported does not include any fields from a repeating event or repeating instrument, then the fields listed in the stats package's syntax file might not line up with the fields contained in the resulting CSV data file, thus making it impossible to load the data into the stats package. (Ticket #18996)
  • Change: The Configuration Check page in the Control Center now recommends that you upgrade to PHP 5.4.0 or higher if you are currently running PHP 5.3 on your REDCap web server. It notes that while most of REDCap's functionality works fine with PHP 5.3, it has shown to provide inconsistencies on rare occasions when evaluating particular types of equations for calculated fields. So for better performance and accuracy, it is recommended that you upgrade to PHP 5.4.0 or higher.
  • Change/improvement: When using both Data Access Groups and Double Data Entry in a single project and merging two records that both belong to the same DAG, previous versions did not automatically assign the merged third record to the same DAG. It now automatically assigns the new third record to the same DAG in that case. (Ticket #18767)
  • Bug fix: When the Data Resolution Workflow module is enabled, and a user attempts to respond to an open query by uploading a file, the file would mistakenly fail to upload.
  • Bug fix: When the Data Resolution Workflow module is enabled, and a user enters a value for a field that has an open query, which causes the "Save and then open Data Resolution Pop-up" button to appear, if the button is clicked on a repeating instrument or on a repeating event, then it would mistakenly redirect the user back to the first instance of the data entry form (rather than the current instance) after successfully saving the form's data.

Version 7.3.3 - (released 4/13/2017)

BUG FIXES & OTHER CHANGES:

  • Major bug fix: When viewing the Record Home Page for a record, in which the main table on the page is wide enough or tall enough that it invokes the floating header or floating first column, then if the user clicks the down arrow button on the main table to collapse it, it might mistakenly not be possible for the user to uncollapse the table, even after refreshing the page, thus making it impossible to navigate fully throughout a record. (Ticket #18819)
  • Change: On certain rare occasions, the table displayed on the Record Home Page, on the Record Status Dashboard, on the Designate Instruments For My Events page, and on all reports might not display properly but might have its columns or rows appear misaligned in some way, thus making it difficult to view the table or navigate it well. If this occurs, users can now disable the floating table headers for that table/page in that specific project (and have it remember that choice) by clicking the "Table not displaying properly?" link that is now displayed near the top right of the table. It will also have a [?] link to click, which opens a popup with an explanation of what it means to disable that functionality. (Ticket #18822)
  • Bug fix: When performing a data export to SAS or SPSS, in which some fields in the export data set have "datetime" or "datetime w/ seconds" field validation, those fields would mistakenly not get added to the syntax file produced for both SPSS and SAS. Bug emerged in REDCap 7.3.1 (Standard). (Ticket #18579)
  • Bug fix: When viewing the popup for setting up Repeatable Instruments/Events on the Project Setup page, if the project is longitudinal and a custom label is set for a repeating instrument, then when the popup is reopened later after saving, it might mistakenly display one of the custom labels for that instrument in every event, rather than just in the event in which it was specified. This won't change anything in how the custom labels are implemented unless the values are re-saved after initially saving though.
  • Bug fix: In a longitudinal project with repeating events enabled, if a user adds data for several repeating events, in which one of the instruments on a repeating event has a gray status icon, then the corresponding icon(s) for that instrument/event for that record would not display correctly on the Record Status Dashboard, such as displaying a gray status icon when it should display a red stack status icon. (Ticket #18073)
  • Bug fix: When viewing the popup for the Data Resolution Workflow on a repeating instrument, the table rows that show the data value changes for the field in the popup would mistakenly always show the first instance's data, not the current instance of the repeating instrument. (Ticket #18873)

Version 7.3.2 - (released 4/6/2017)

BUG FIXES & OTHER CHANGES:

  • Change: In REDCap 7.3.1 (Standard), the Codebook page required Project Setup/Design privileges to view it, although in previous versions it did not require any special user privileges in order to view the page. However, due to good arguments made against the change in 7.3.1, the change has been reverted, and the Codebook will now be fully viewable to all users in the project just as it was in versions prior to 7.3.1.
  • Improvement: On the Logging page in projects that have Data Access Groups, a user that is not assigned to a DAG will be able to filter the logging results by records in a DAG. Below the "Filter by record" drop-down at the top, it will display a "Filter by records in a DAG" drop-down that is viewable only by users not currently assigned to a DAG.
  • Bug fix: If an apostrophe exists in the name of a User Role, then the role could not be edited when clicked on the User Rights page. It would instead mistakenly throw a JavaScript error.
  • Bug fix: When exporting a PDF of a data entry form with data, in which the form is enabled as a repeating instrument, if a checkbox field on the instrument has branching logic, it might mistakenly not display the checkbox in the PDF when it should be displayed. (Ticket #17621)
  • Bug fix: When deleting an event of data for a repeating event on the Record Home Page in a longitudinal project, it would remove the event instance from the Record Home Page, but the event instance would mistakenly still appear in reports and data exports. (Ticket #17859)
  • Bug fix: The bug fix in REDCap 7.3.0 LTS that dealt with the usage of "" and "NaN" in calc fields mistakenly did not get incorporated into the Data Quality rule H and auto-calc implementation of calculated fields (via PHP), but it only got incorporated into the JavaScript-fired calculations on data entry forms, thus causing erroneous results to appear when executing Data Quality rule H for very specific cases where >"" or ="" were used in a calculation. (Ticket #17882)
  • Bug fix: When enabling Twilio telephony services in a project and ensuring that the Request Inspector has been disabled for that Twilio account, it would mistakenly fail and never allow the user to enable Twilio services for that project. This was due to a recent change in Twilio's API methods. (Ticket #18040)
  • Bug fix: When data quality rules have very long logic, they can take up an inordinate amount of the page, making it very difficult to view or execute several at once. (Ticket #17548)
  • Bug fix: When moving a project to production and opting to delete all data, it mistakenly says that it will also delete all data dictionary snapshots, which is not correct. All data dictionary snapshots will be preserved. The text will be corrected. (Ticket #17785)
  • Bug fix: "MySQL over SSL" is now fully supported. In previous versions, it would fail to connect in certain instances, such as if using a self-signed SSL certificate or if using Table-based authentication.
  • Bug fix: When saving data in a hook or plugin using the REDCap::saveData method, if the event name field is not included when saving data for a longitudinal project, then it would appear to save the data to the first event of the record, but the record would not show up in any record lists if the record did not exist beforehand. (Ticket #17881)
  • Bug fix: HTML tags were mistakenly not being interpreted but were being displayed as-is for the institution name and organization name in project, as well as any custom text displayed at the top of the project home page, the top of data entry forms, and the top of Record Home page (Ticket #17912)
  • Bug fix: When executing a custom Data Quality rule containing fields in a project that has repeating events/instruments enabled, in which the fields utilized in the rule's logic are not located on a repeating event/instrument, it might mistakenly return duplicate discrepancies in the results.
  • Bug fix: When using the "Copy" instrument action on the Online Designer, if the first field in the instrument has a section header above it, that section header would mistakenly not get copied into the new instrument.
  • Bug fix: When a longitudinal project has long event names that have non-Latin characters in their name, it may mistakenly throw an error when attempting to create a new project using the project's XML metadata file. (Ticket #17055)
  • Bug fix: When a project with surveys has already sent out survey invitations (excluding public survey links) to participants, and then records were later deleted via the "Erase All Data" option or by deleting all records when moving the project to production, the records' survey links would mistakenly still be active and could be used by the participant (even though the record no longer exists in the project), which would create a new record. (Ticket #17457)
  • Bug fix: When a user is requesting that an administrator move their project to production, the confirmation popup that the user sees mistakenly displays a blank space inside parentheses when it should be displaying the user's email address there. (Ticket #18197)
  • Bug fix: When a user downloads an Instrument Zip file for an instrument on the Online Designer, certain server configurations would result with an error and not export the zip file successfully due to GZIP HTTP compression being enabled by mistake for that particular process. (Ticket #18094)
  • Bug fix: When using the "Time Limit for Survey Completion" feature on a survey, the link icon in the Participant List would mistakenly still be displayed even if the participant's link had already expired.
  • Bug fix: When using the "Time Limit for Survey Completion" feature on a survey, the "Link Expiration" column might mistakenly not appear in the Participant List or the column might not properly display any icons if the time limit for the survey was set using only minutes (i.e., the days and hours text boxes were left blank).
  • Bug fix: When exporting a PDF of an instrument with data, in which data is being piped into text on that instrument and the data contains line breaks/carriage returns, it might mistakenly display a rectangular symbol in the PDF at the beginning of each line of the piped data. (Ticket #17947)
  • Bug fix: On the Logging page in a project, if a user has set the time range filters at the top, and then changes the "Displaying events (by most recent)" option, it would mistakenly reset the time range filters back to blank values. (Ticket #18057)
  • Bug fix: When changing the time of a scheduled survey invitation on the Survey Invitation Log, it would mistakenly not always update the new date/time with the updated time submitted. (Ticket #17791) Abstract survey invitation language – link
  • Bug fix: In a longitudinal project that contains multiple arms, survey participants from another arm might mistakenly be displayed when viewing a survey/event's Participant List that belongs to a different arm. It will now no longer display participants from other arms. (Ticket #18354)
  • Bug fix: When adding a matrix of fields via the Online Designer for an instrument that does not yet have any fields, if the project is in production in Draft Mode, then the new matrix might mistakenly not display at all on the Online Designer or the data entry form until either a new field is added to the instrument or until a data dictionary is uploaded. (Ticket #16871)
  • Bug fix: When the Project Notes text is very long for a given project, the text can sometimes render outside its black box when displayed on the My Projects page. (Ticket #17414)
  • Bug fix: When importing data via Data Import Tool or API for a project that has Data Access Groups, in which the data being imported contains the field redcap_data_access_group, it might mistakenly throw an error stating that the unique DAG name is not valid when it actually is. (Ticket #18087)
  • Bug fix: For certain server configurations, in a longitudinal project with repeating events enabled, it might mistakenly think that some of a record's repeating events have repeating instruments within them (showing a stacked status icon inside a repeating event column), which is not possible. (Ticket #17596)
  • Post-release fix: For REDCap web servers running PHP 5.3, some components of the Repeating Instruments/Events do not work correctly in longitudinal projects. In the setup of repeating instruments/events on the Project Setup page, it would mistakenly display the letter "W" inside the custom label text box if a longitudinal event has been selected as a repeating event. Also, the Record Home Page for a given record would mistakenly display the stack status icon for instruments in a repeating event, which is very confusing, when it should only ever display that icon for a repeating instrument. These issues only arise for longitudinal projects and only when running PHP 5.3.

Version 7.3.1 - (released 3/17/2017)

BUG FIXES & OTHER CHANGES:

  • Improvement: When creating/editing reports in projects that have repeating instruments, a new option has been added to Step 3 (filtering): "Show data for all repeating instruments for each record returned?". This option is very similar to the "Show data for all events for each record returned" option found when editing reports in longitudinal projects in which it applies record-level filtering as opposed to row-level filtering ("row" referring to the rows in the report table displayed). This new option provides greater precision for controlling filters used on data in repeating instruments. For example, if a filter references a field from a non-repeating instrument, then it might filter out all data from repeating instruments and thus not display them in the report, which could be confusing. But with this option checked, it will return all repeating instances (as separate rows) for any record that matches that filter. In this way, it allows you to apply the filter to non-repeating fields while still including fields from repeating instruments in your report. This was not possible in previous REDCap versions.
  • Change: When deleting a project while in production, if the project contains no records, it will delete the project immediately rather than sending a request to the REDCap Administrator to delete it. In previous versions, an Administrator would have to delete production projects regardless of whether the project contained records or not.
  • Bug fix: Removed all instances of the PHP function set_magic_quotes_runtime() and get_magic_quotes_runtime() because they are deprecated in PHP 7.0 and later. (Ticket #16893)
  • Change: Added a note in the "Compose survey invitation" popup on the data entry form to make users aware that if they manually enter an email address into the "To" field for the survey invitation, it is a one-time use only and that any other invitations sent out at other times will instead go to the email address found in the Participant List for that participant. No functionality has changed regarding this, but some users were not aware of this behavior.
  • Change: When exporting data to Stata, it now uses syntax for newer versions of Stata. This also includes declaring datetimes more properly than in previous versions of REDCap. (Ticket #13531)
  • Bug fix: The API Playground might mistakenly allow the user to make rapid sequentially requests to the server by holding down the up/down arrow on the multi-select fields on the page. Also, for the Import Records method on the API Playground, the "Update" link has been removed, in which the "data" parameter is now updated when the user leaves the Data field instead, because users were not aware that the "Update" link had to be clicked at all, which caused lots of confusion.
  • Bug fix: When exporting data in CDISC ODM (XML) format on the "Data Exports, Reports, and Stats" page, if any "File Upload" fields are included in the data set but they do not have a file uploaded for them, then it would mistakenly output an empty file in the XML file and would cause issues when importing the XML file to a REDCap project.
  • Bug fix: When a project is in Draft Mode while in production, and the first instrument is a survey, and then via the Online Designer the user moves another non-survey instrument into the first form position, it would mistakenly cause all the survey timestamps from the original first instrument to be associated with the instrument that was moved (this will occur only after the drafted changes are approved).
  • Change: For security purposes, the hashing algorithm used for hashing the answer to password recovery questions (for Table-based authentication only) will be updated to a stronger algorithm. This will unfortunately cause all Table-based users to have to set their password recovery question again the next time they log in to REDCap; however, it is anticipated that this will cause very little inconvenience to users.
  • Bug fix: When piping data from a text field that has the biomedical ontology auto-suggest enabled, it would mistakenly pipe in the raw value instead of the label. (Ticket #12705)
  • Bug fix: Cross-form branching logic does not always work successfully on a repeating event. (Ticket #16372)
  • Bug fix: A fatal PHP error might occur when uploading files on some REDCap web server configurations that do not have the PHP function mime_content_type(). It is currently not know why this function would be missing for some configurations.
  • Bug fix: The "Export Records" API method would mistakenly not export the redcap_repeat_instrument and redcap_repeat_instance fields when exporting data from a repeating instrument or repeating event in EAV format.
  • Bug fix: When creating a new REDCap project from a Project XML metadata file, in which the project is not longitudinal but contains repeating instruments, it might not enable the repeating instruments in the newly created project.
  • Change: Normal users are now allowed to enable (or modify) repeating instruments/event in a project while the project is in production. In previous versions, they could only do this while in development.
  • Bug fix: When clicking the "Move" icon for a field in the Online Designer, if some fields in the project have very long Field Labels, then it might cause display issues for the drop-down list of field inside the popup that is displayed because the drop-down is too wide.
  • Change: The Codebook page in a project now requires that a user have Project Setup/Design privileges in order to access it. This was changed to be more consistent with other places where Project Setup/Design privileges are applied.
  • Bug fix: The "Repeatable instruments and events" video on the Training Videos page mistakenly displays the wrong video title inside the popup when viewing the video. (Ticket #16502)
  • Change: For better compatibility with Shibboleth authentication, the format of the Send-It download URL has been reverted to its pre-7.0 format. Note: The current format will also work in 7.3.1 and is backward compatible in case any Send-It files had been sent out just prior to upgrading to this version.

Version 7.3.0 - (released 3/10/2017)

NEW FEATURES, BUG FIXES, & OTHER CHANGES:

  • New feature: Response Limit for surveys - Users may set a response limit for any given survey to prevent respondents from starting the survey once a set number of responses have been collected. Note: It can be set so that the response count included either completed responses only or both partial and completed responses. Users may also set custom text to be displayed to respondents on the survey page when the response limit has been reached.
  • New feature: Time Limit for Survey Completion – Users may set the amount of time (in days, hours, and/or minutes) that each respondent has to complete a given survey based on when they were initially sent the survey invitation. Note: This feature excludes public survey links. When enabled, a new column is displayed on the Participant List where it denotes if a participant’s survey link has expired and also displays the expiration time if you hover over the icon. If the icon is clicked, the user can permanently override the link expiration time by setting it further in the future (to give the respondent more time), or else to expire the link sooner (or even immediately).
  • Improvement: The survey options at the top of a data entry form now include a new option “Log out + Open suvey”, which will simultaneously open the survey in a new browser tab while logging out the REDCap user in the current tab. This makes it easier for users to log out of their REDCap session in case they walk away from the computer while a participant takes the survey, thus ensuring that the participant is not able to go into the first tab and access the user’s REDCap account and projects.
  • Improvement/change: Better protection against accidentally overwriting survey responses when opening surveys from a data entry form. When clicking the "Open survey" option at the top of a data entry form, it will display a popup on the data entry form to inform the user that it is recommended that they leave the page without saving it in order to avoid overwriting or erasing the survey responses that had been collected in another browser tab on the survey page.
  • Bug fix: REDCap would not be able to make outbound requests properly if the REDCap web server is using a proxy.
  • Bug fix: The use of [field]="" inside the condition of an IF statement for a calculated field does not behave as users would expect, and this often requires users to use [field]="NaN" as an alternative for checking if a field's value is blank/null. Now [field]="" will work as one would expect and will work identically to [field]="NaN".
  • Bug fix: Drop-down fields with autocomplete enabled will mistakenly display little arrows in front of the choice labels in Google Chrome only. (Ticket #15862)
  • Bug fix: After being on any page for more than 3 minutes, it would disable certain jQuery-enabled triggers, such as auto-complete drop-down fields on data entry forms and any custom Bootstrap components. (Ticket #15989, #14863)
  • Bug fix: When upgrading REDCap, if the new REDCap version directory has been uploaded to the web server but the upgrade has not been completed yet, then the REDCap cron job would mistakenly not run until the upgrade has completed. It will now always run when it is supposed to, even in the midst of an upgrade. (Ticket #15991)
  • Bug fix: If running PHP 7.1 or higher on the REDCap web server, the Data Resolution Workflow popup would mistakenly fail to open when a user tries to open it. (Ticket #16040)
  • Bug fix: If doing a user search using "all user attributes" on the Browser Users page in the Control Center, it would mistakenly always return every user in the system. (Ticket #16026)
  • Change: Added "language" option for users submitting an instrument to the REDCap Shared Library so that they can specify the language of their instrument's text. Note: Instruments in the Shared Library are now searchable by language.
  • Bug fix: The "email" field validation would mistakenly not accept email addresses containing accent marks and other valid UTF-8 characters. (Ticket #15874)
  • Bug fix: When downloading PDFs containing record data, it would sometimes mistakenly display duplicate pages for an instrument for longitudinal projects only. (Ticket #12797, #14945)
  • Bug fix: When viewing the Survey Invitation Log, for certain situations, some invitations might mistakenly not be displayed on the page.
  • Bug fix: When editing an existing report that uses advanced logic in Step 3, if a user clicks the "Switch format: Use simple logic" link, the drop-down list of fields in that section would mistakenly not be displayed, thus making it impossible set set a filter unless the user reloads the page.
  • Bug fix: When setting up an Automated Survey Invitation and using conditional logic, if a record is selected in the "test logic with a record" option *and* the project is in production, then it might mistakenly return "[No value]" rather than True or False regarding whether the condition is true/false for a given record.
  • Bug fix: The field name auto-suggest feature for branching logic, calculations, ASIs, etc., would mistakenly suggest checkboxes in the wrong format (i.e., without parentheses with a value inside them). It now suggests checkboxes in the correct syntax. (Ticket #15510)
  • Bug fix: On the Randomization page in a project, the drop-down lists of fields might be too wide for the page. (Ticket #16559)
  • Change: The cell borders where added back to the report table, Record Home Page table, and Record Status Dashboard table for better readability of the table contents.
  • Bug fix: The "Print Page" button on reports would cause the report to not look correctly in the print preview if the report table was too wide or too tall to fit on the page.
  • Bug fix: The Record Home Page's table might have its rows/column misaligned if the table is too wide or too tall. (Ticket #16150)
  • Bug fix: When clicking the "Show Stats Only" button on the "Stats & Charts" page, it might mistakenly still show the "Download Image" button if all the field plots have not fully loaded yet on the page. (Ticket #6534)

Version 7.2.2 - (released 2/23/2017)

BUG FIXES & OTHER CHANGES:

  • Minor security fixes: Cross-site scripting vulnerabilities and SQL injection vulnerabilities were found on several different pages, in which the vulnerabilities could possibly be exploited by a malicious user.
  • Bug fix: Many improvements regarding the rendering of tables for reports, Record Status Dashboard, and Record Home Page due to floating headers/columns not lining up correctly.
  • Bug fix: A few PHP files contained \r (CR) characters without \n (LF) characters immediately following them, which caused issues when uploading the REDCap source code to certain web servers.
  • Bug fix: When using Send-It to send a file from a data export, a File Repository file, or from a File Upload field, it would result in an error when the user would click the "Send It!" button. (Ticket #12747)
  • Bug fix: When clicking the "Lock all instruments across all events" option on the Record Home Page, it would mistakenly only lock instruments for events that contain data. This mistakenly changed in a previous version and is now set back to the way it was originally where it would lock all forms across all designated events regardless of whether there is data in the form or in the event.
  • Bug fix: If running PHP 7.1 or higher on the REDCap web server, any API import method with content in XML format would fail. (Ticket #15764)
  • Bug fix: When doing a CSV Raw data export while exporting the survey fields, the header text for "Survey Timestamp" would mistakenly be blank. (Ticket #14316)
  • Bug fix: If running PHP 7.1 or higher on the REDCap web server, any Data Quality rule would fail when executed. (Ticket #15582)
  • Bug fix: The font resize option at the top of surveys mistakenly does not increase/decrease all text uniformly on the page. (Ticket #15749)
  • Bug fix: If running PHP 7.1 or higher on the REDCap web server, the biomedical ontology auto-suggest feature for Text fields would always return nothing from the search.
  • Bug fix: When creating or editing a report and adding a new field in Step 2, if the user hits the Enter key while in the text field when the text field is empty, it would mistakenly display the "List of users with access" popup.

Version 7.2.1 - (released 2/16/2017)

BUG FIXES & OTHER CHANGES:

  • Major bug fix: If a user's Data Export permissions are "De-Identified" or "Remove all tagged Identifier fields" when they are using the Export Records API method, in which they specify a list of fields (or forms) by variable name (or form name) in their API request, then if every one of those specified fields are also fields that would normally get removed due to their export privileges, then it would mistakenly return data for all the fields in the project. (Ticket #15003)
  • Medium security fix: A malicious user or survey respondent could uploaded a specially designed file for a File Upload field on a survey or data entry form, and then exploit it by getting a REDCap Administrator to then navigate to a specially crafted link, which might allow them to escalate certain Administrator privileges and take advantage of them, even capturing their login information.
  • Minor security fixes: Several cross-site scripting vulnerabilities were found on various pages, such as the User Rights and Project Setup pages, in which the vulnerability could possibly be exploited by a malicious user.
  • Improvement: If an individual project has been set as "offline" on the "Edit a Project's Settings" page in the Control Center, it will note this in red letters on the My Projects page or Browse Projects page for the project.
  • Bug fix: The record status dashboard and report tables would not always have their rows aligned correctly, and some table columns might be missing a border. (Ticket #15055)
  • Bug fix: If viewing a report and viewing the "ALL" option for paging in order to view all pages of the report, then if the user clicked the table header to sort the table, it would mistakenly display the page-sorting note that should only be displayed when viewing a single page of the report.
  • Bug fix: Enhanced radio buttons on surveys were not vertically aligned correctly but mistakenly had extra padding above them. (Ticket #14996)
  • Bug fix: For certain MySQL installations, it would always keep displaying the "Your REDCap database structure is incorrect" error message in the Control Center, even though there was not an issue. Bug emerged in REDCap 7.2.0. (Ticket #15069)
  • Bug fix: When viewing a data entry form of a repeating instrument that is also enabled as a survey, the survey options drop-down at the top of the form will mistakenly be disabled if the instance number is greater than "1" and the form has not the form saved yet. (Ticket #14629)
  • Bug fix: When viewing a data entry form of a repeating instrument that is also enabled as a survey, and the user chooses to compose a survey invitation using the survey options drop-down at the top of the form, it would mistakenly always send the survey link pointing to the first instance of the survey rather than to the correct instance number. (Ticket #14629)
  • Bug fix: When a repeating instrument is also enabled as a survey with the repeat survey button option set to be "Before the submit button in the survey", if any required fields on the survey were left blank and the repeat survey button was clicked, it would mistakenly not prompt the respondent to enter the required fields that were left blank and would mark the survey as completed. (Ticket #14092)
  • Bug fix: When using the Twilio telephony services for surveys, in certain cases it would not always erase the logs on the Twilio website of SMS messages sent via REDCap. It now does a much more comprehensive job of deleting SMS messages than before. (Ticket #11167, #13676)
  • Bug fix: The "E-Signature and Locking Management" page would mistakenly display instruments that have locking capabilities disabled as set on the "Record Locking Customization" page. (Ticket #15020)
  • Bug fix: The drop-down Topic list on the "Help & FAQ" page was not scrollable, which made it impossible to view the bottom items of the list if your browser window was not very tall.
  • Bug fix: When executing a user-defined Data Quality rule in a longitudinal project, it might mistakenly return duplicate results for any discrepancy found.
  • Bug fix: When using the REDCap Mobile App, it was mistakenly not logging the REDCap user in the mobile app specific logs on the different tabs in the REDCap Mobile App page in a project. Bug emerged in REDCap 7.1.0.
  • Bug fix: If a user has been given "De-Identified" data export privileges in a project that contains surveys, then when exporting data from the "Data Exports, Reports, and Stats" page, it should automatically pre-select the checkbox to force date-shifting the survey completion timestamp fields because survey timestamps can be considered identifiers (PHI) in many cases. (Ticket #15145)
  • Bug fix: When the Dynamic Data Pull (DDP) module is enabled in a project, it might mistakenly display duplicate values for a field inside the DDP adjudication popup. This usually occurs when a single source field is mapped to many different REDCap fields in the project. Additionally, if a user chooses not to select any fields in the adjudication popup but wants to mark them all as having been adjudicated, then it would never cause the number of items left to be reduced after clicking the Save button, thus always showing that X items are left to adjudicate.
  • Bug fix: If users use "!=" instead of "<>" in a calculated field's equation, it would not always evaluate the calculation correctly when viewing the form or survey where the calc field is located. (Ticket #15339)
  • Bug fix: Horizontally-aligned slider fields would mistakenly display as vertical on mobile devices only. (Ticket #15390)
  • Bug fix: HTML tags places inside the rule name of a Data Quality rule would get escaped and be viewable as-is rather than interpreted as HTML.
  • Bug fix: If a Custom Record Status Dashboard is sorted in descending order by the record ID field, then even though record auto-numbering is enabled in the project, it would mistakenly sort the record names as text rather than sorting them using a numerical sort. (Ticket #15303)
  • Bug fix: If running specific versions of PHP on the REDCap web server, the Field Comment Log popup would crash and never display the popup. (Ticket #15333)
  • Bug fix: Some text was missing when describing the Duo two-factor authentication option in the Control Center.
  • Bug fix: When attaching a YouTube video to a Descriptive field on a survey or data entry form, at the end of the video it would mistakenly display other recommended videos (added automatically at the end by YouTube). It has now been set to never do that.
  • Change: A count of the number of users is now displayed at the top of the user list table on the Project Home page.

Version 7.2.0 - (released 2/9/2017)

NEW FEATURES & IMPROVEMENTS:

  • New feature: Custom Record Status Dashboards
    • Users can build and save custom versions of the Record Status Dashboard to customize the dashboard to their liking.
    • Custom dashboards have many configuration options. Users can give each dashboard a title and a description/instructions, and can choose the instruments to include or exclude in the dashboard's display. Similar to building reports in REDCap, Custom Record Status Dashboards allow users to sort the records in the dashboard by another field's value, and one can set filter logic to filter the records displayed in the dashboard to a specific subset of the total records (e.g. [age] > 30 and [diabetes] = "1"). There are aesthetic controls as well, such as being able to display the dashboard headers vertically, which will transpose them 90 degrees for a more compact display on the page.
    • Only users with Project Setup/Design privileges may create custom dashboards. Once a custom dashboard has been created, it will be viewable and usable by all users in the project. Users may create as many custom dashboards as they like in a project. To create a custom dashboard, navigate to the Record Status Dashboard in a project, and click the blue "Create custom dashboard" button to get started.
  • New feature: Text searching and ordering on reports – Users now have a search box displayed at the top of every report where they can type text to search the report, in which it will only show the rows in the currently viewed report that match the search string that is typed. Additionally, any column in a report can have its column header clicked to sort the table according to the values in that column (in ascending or descending order).

BUG FIXES & OTHER CHANGES:

  • Medium security fixes: Several cross-site scripting vulnerabilities were found on various pages, in which they could possibly be exploited by a malicious user.
  • Change: The DataTables plugin for jQuery is now included in REDCap by default, so any plugins that display REDCap’s page header/footer will automatically have the DataTables JavaScript and CSS loaded in the plugin.
  • Improvement: For longitudinal projects containing multiple arms, the Record Status Dashboard now displays each arm separately in a tabbed interface rather than trying to fit all arms in a single table, which typically is not the best way to view multiple arms of records.
  • Improvement: Checkbox fields on reports are now displayed better with their field label spanning all the choices as a row above all the choices and displaying just the choice text and variable in the individual choice column headers on the second row of the header. This groups the checkbox options together much better and is much more intuitive to read and interpret.
  • Improvement: The Group ID number for each Data Access Group (DAG) is now displayed in the DAG table on the Data Access Groups page in a project. The Group ID number is the number that is automatically generated by REDCap and is automatically prepended with a dash/hyphen to the record name when a user assigned to a DAG is creating a new record. The Group ID number is now displayed in the table on the page so that users are aware of what each DAG's Group ID number is.
  • Minor security fix: A cross-site scripting vulnerability was found on the Project Setup page, which could possibly be exploited by a malicious user.
  • Minor security fix: An SQL injection vulnerability was found on the Control Center's Browse Users page, which could possibly be exploited by a malicious user that has compromised an administrator's account.
  • Change: Question numbers displayed on surveys are now displayed as right-aligned, whereas in previous versions they were left-aligned. This is to reduce the gap between the question number and the question text for a more readable and intuitive display.
  • Bug fix: When making a call to the Import Metadata API method, it would mistakenly always return "18" as the response rather than returning the number of fields that were actually imported.
  • Bug fix: When creating a Project Bookmark in a project and using the Link Type="REDCap Project", the project list would mistakenly include deleted projects. (Ticket #13855)
  • Bug fix: When choosing the "Lock all instruments" option from the record action drop-down on the Record Home Page of a given record, in longitudinal projects it would mistakenly lock instruments on events that do not contain data. Bug emerged in REDCap 7.0.0.
  • Bug fix: After choosing the "Lock all instruments" option from the record action drop-down on the Record Home Page of a given record, it would mistakenly not display the lock icon on that page for instruments with a gray status icon (it should always display the lock icon for all instruments on all events containing data). Bug emerged in REDCap 7.0.0.
  • Bug fix: If the Double Data Entry module is enabled in a project, and a user clicks one of the "Compare" buttons at the top of the Data Comparison Tool page immediately after merging a record, it will mistakenly save some values in the back-end database table, thus mistakenly creating an additional new record that has no relation to the other existing records. (Ticket #13394)
  • Bug fix: If a user leaves a required field blank on a repeating instrument or repeating event, it will reload the data entry form to display the error message, but will mistakenly load the first instance of the form/event rather than the correct instance being saved. (Ticket #14099)
  • Bug fix: The input fields inside the "Enable reminders" box in the Compose Invitations dialog on the Participant List page were too small to read.
  • Bug fix: IF running PHP 7.X on the web server, then the API Playgound page might crash on specific occasions with a fatal PHP error when attempting to view the code produced at the bottom of the page for various programming languages.
  • Bug fix: If scheduling a survey invitation via the Compose Survey Invitations popup on the Participant List page and setting a reminder to "send at exact date/time", then the reminder would mistakenly send immediately rather than at the time defined. (Ticket #14314)
  • Bug fix: When deleting a record on the Record Home page when the record name contains a space, the message displayed after successfully deleting the record would mistakenly have a "%20" in place of the space in the record name displayed.
  • Bug fix: When using the Dynamic Data Pull (DDP) module and mapping fields with composite mapping (i.e., many-to-many mapping), it might mistakenly not save those mappings correctly, which might prevent data from being pulled into them correctly from the source system and would also cause issues displaying the mapping page correctly afterward.
  • Bug fix: The record count on the System Statistics page in the Control Center might mistakenly be slightly higher than the actual count.
  • Bug fix: When using Send-It to send a file from a File Upload field, from a data export, or from the File Repository, it would mistakenly display the "Select a file" option to upload a new file when it should instead display the filename of the file.
  • Bug fix: When a calculated field is located on a repeating instrument, it may mistakenly not show up in Data Quality rule H as a discrepancy when there is a discrepancy between the saved value and the true calculated value.
  • Bug fix: When the record ID field is located on a repeating instrument, it may mistakenly cause discrepancies to show up as duplicates in Data Quality rule H.
  • Bug fix: When executing Data Quality rule F, it would mistakenly return discrepancies for checkbox fields that were hidden by branching logic but had all their choices unselected. (Ticket #13555)
  • Bug fix: When calling the API Delete Records method, it was mistakenly checking the wrong user permissions. It should have been checking to require that the user has API Import/Update permissions and Record Delete permissions. (Ticket #14328)
  • Bug fix: When a project is in production but not in draft mode, it would mistakenly display the "Download Data Dictionary with drafted changes" link on the Project Setup page. It should only display that link when the project is in draft mode. (Ticket #14851)
  • Bug fix: When viewing a data entry form or survey page using a recent version of Android, depending on the device, the backspace button may get inadvertently disabled on the device's keypad for integer-validated text fields only, thus preventing users from removing an integer that was entered into a field. The fix for this has a downside, which is that integer-validated text fields will now no longer display just the device's keypad on Android devices but will instead display the full alphabetic keyboard.
  • Bug fix: The REDCap Language File Creator/Updater would create corrupted language files to be used for translation due to presence of the HTML character code " in certain string of language text in the English.ini file. (Ticket #14843)
  • Bug fix: When using the To-Do List in the Control Center and clicking the info button on the right for a given item in the list, some of the text revealed in the box would not be completely viewable. (Ticket #14368)
  • Bug fix: When copying a data collection instrument via the Online Designer's "choose action" button, if a field on the instrument has a new resulting variable name that is longer than 100 characters, then it would result in an error and prevent the user from copying the instrument. (Ticket #14770)
  • Bug fix: When users are not allowed to copy projects on their own but must request administrators to do so for them, if an administrator processes a "copy project" request via the link sent in the email (rather than directly via the To-Do List in the Control Center), then the request item will mistakenly not get marked as "completed" on the To-Do List page. (Ticket #14891)
  • Bug fix: If a user is typing branching logic or a calculation into a text field where it provides the variable auto-suggest feature and logic validation in real time, then in some cases if the user does this a lot in a short amount of time, it might mistakenly ban the user's IP address and lock them temporarily out of REDCap. (Ticket #14405)
  • Bug fix: If scheduling a survey invitation via the Compose Survey Invitation popup on a data entry form and setting a reminder to "send at exact date/time", then the reminder would mistakenly send immediately rather than at the time defined.
  • Bug fix: When uploading an attachment file onto a Descriptive field in the Online Designer, if the file's filename link is clicked to re-download the file inside the Edit Field popup, it would mistakenly display an error.
  • Bug fix: After creating a custom link for a public survey link, it would mistakenly not provide a way for users to remove the custom link (i.e., the red X was not being displayed) on the Public Survey Link page.
  • Bug fix: When importing data in EAV format using the Import Records API method for classic (non-longitudinal) projects only, it might mistakenly not update the value of fields that already have data and instead simply add the new value to the back-end database, leaving the field with more than one value stored.
  • Bug fix: If a multi-page survey has some pages that might get completely skipped because all fields on the page have branching logic, then if the survey instrument is also enabled to be a Repeating Instrument in the project, then it would mistakenly fail to skip the page when branching logic dictates that it should be skipped. (Ticket #13764)

Version 7.1.2 - (released 1/20/2017)

BUG FIXES & OTHER CHANGES:

  • New module: Find Calculation Errors in Projects - This new page in the Control Center allows administrators to determine if any projects in the entire REDCap system contain calculation errors. It is possible in certain cases that the data saved for calculated fields in projects might not be accurate. This might be due to a user modifying a calc field's equation after data collection has begun, or perhaps due to software bugs that may have occurred in REDCap in the past that affected calculations. This new module will not fix any incorrect calculations in projects, but it will identify projects with issues so that the administrator or a user in the project can go to the Data Quality module in the project and run Rule H, which will help fix any calculation errors.
  • Bug fix: When using the Save & Return Later feature on a survey that is enabled as a Repeating Survey (via Repeating Instrument feature), it would mistakenly ask for the Return Code (or ask for the respondent to log in if Survey Login is enabled) on the repeated instances of the survey after the first one has been entered. (Ticket #13240)
  • Bug fix: When a user's password has been reset and they are emailed a link to reset their password, on certain random occasions when the click the link in their email, it will fail to begin the password reset process and will also mistakenly display an "Access Denied" message stating that the user is now locked out of REDCap temporarily for X minutes. (Ticket #7457, #11260, #1710, #13109)
  • Bug fix: If a user on a data entry form leaves spaces before or after a value entered in a text field, the prompt that asks them if they want the spaces trimmed mistakenly gets displayed in the wrong vertical position on the webpage in certain cases. (Ticket #13486)
  • Bug fix: If a project has repeating instruments that are enabled as surveys, and a user clicks the "Delete data for THIS FORM only" button at the bottom of a data entry form, then it would mistakenly not remove that instance of the instrument from the Participant List.
  • Bug fix: If a project has repeating instruments that are enabled as surveys, and a Custom Label has been set for the repeating instrument, then it would mistakenly not display the custom label for Instance #1 in the Participant List.
  • Bug fix: If a project has repeating instruments that are enabled as surveys, and a Custom Label has been set for the repeating instrument, then it would mistakenly not display the custom label for Instance #1 in a record's Survey Queue.
  • Bug fix: If a project has repeating instruments that are enabled as surveys, then on certain occasions in longitudinal projects, it might mistakenly only display the first instance of the survey in a record's Survey Queue.
  • Bug fix: Data Quality rule F would mistakenly return discrepancies for visible fields with branching logic and have data saved for them rather than only fields that are currently hidden. (Ticket #13555)
  • Bug fix: If a field is given the variable name "length", then the "Reset" link will not work for the field if it is a radio or slider field. Also, a slider field with that variable name will not get enabled when initially clicked by the user. (Ticket #13595)
  • Bug fix: If using a custom message to display to users when creating/copying a project, then if a user goes to copy a project, it will mistakenly bypass the custom message prompt and copy the project regardless. (Ticket #13674)
  • Bug fix: If the randomization module is enabled on a longitudinal project with multiple arms, in which a record exists on multiple arms (one of which is the arm that contains the randomization field), then if the record is deleted from the non-randomization arm, then its randomization allocation would mistakenly get removed from the randomization arm. This means that the record's allocation would get removed mistakenly as if it were never randomized and thus allow another record to mistakenly take its allocation later. (Ticket #13278)
  • Change: When viewing a report that displays data from a repeating instrument or event, it will now gray out the cell of the redcap_repeat_instrument and redcap_repeat_instance columns for the base instance row of a record (i.e., where the redcap_repeat_instance field has a blank value), thus denoting that that field is not relevant for that row of data (since the row is displaying non-repeating data only).

Version 7.1.1 - (released 1/13/2017)

BUG FIXES & OTHER CHANGES:

  • Improvement: When opening the Field Comment Log, it now places the user's cursor inside the text box automatically as a convenience to the user.
  • Improvement: When a user is on a data entry form or survey and hovers over the choice label of a radio button field, the cursor changes to the "hand" cursor to indicate that they can click on the label to select the choice rather than thinking they have to click the radio element itself.
  • Minor security fix: A cross-site scripting vulnerability was found on the Data Import Tool page, which could possibly be exploited by a malicious user. (Ticket #13193)
  • Change: Action Tags are now listed alphabetically by name in the "What are Action Tags?" popup on the Online Designer.
  • Change: For plugin/hook developers, the background color of the Bootstrap CSS class "btn-default" was being overridden (on purpose) in all versions of REDCap 7.X, and this caused some issues for plugins/hooks that utilized that button class because it was the same color as when the button is active. This change has been reverted so as not to conflict with the Bootstrap btn-default class, and now REDCap uses a CSS class named "btn-defaultrc" instead for general default-style buttons.
  • Bug fix: When viewing the Stats & Charts page in a project, clicking the "Show Stats Only" button would cause the "Download image" button to sometimes obscure the stats table for the field. (Ticket #6534)
  • Bug fix: The wrong text is displayed at the top of the My Projects page right before the User Access Dashboard link. Bug emerged in version 7.1.0.
  • Bug fix: When exporting a PDF of data when the "Character encoding for exported files" has been set to "Chinese (UTF-8)", then it will result in a fatal PHP error if the REDCap web server is running PHP 5.4.0 or higher. (Ticket #13334)
  • Bug fix: If text containing HTML comments (e.g., <!--...-->) is added to a field label, survey instructions, or other text that appears on surveys and data entry forms, it might mistakenly prevent the full rendering of the page and might make it impossible to enter and save data successfully. (Ticket #13214) Bug fix: If text containing HTML comments (e.g., <!--...-->) is added to a field label, survey instructions, or other text that appears on surveys and data entry forms, it might mistakenly prevent the full rendering of the page and might make it impossible to enter and save data successfully. (Ticket #13214) Bug fix: If text containing HTML comments (e.g., <!--...-->) is added to a field label, survey instructions, or other text that appears on surveys and data entry forms, it might mistakenly prevent the full rendering of the page and might make it impossible to enter and save data successfully. (Ticket #13214) Bug fix: If text containing HTML comments (e.g., <!--...-->) is added to a field label, survey instructions, or other text that appears on surveys and data entry forms, it might mistakenly prevent the full rendering of the page and might make it impossible to enter and save data successfully. (Ticket #13214)
  • Bug fix: When a survey Stop Action has been enabled for a drop-down field that has the auto-complete option enabled, then if the Stop Action is triggered after selecting a choice, the value of that field would mistakenly not get saved. It would still save all other field data on the survey, but it would not save the value of the field triggering the Stop Action. This would not affect all drop-down fields but only those with the auto-complete option enabled.
  • Bug fix: When merging two records in a Double Data Entry project, slider fields would mistakenly not have a way to enter a new value in the third column of the merging table, thus making it impossible to set a value other than those from the two records being merged. For sliders on that page, it now displays an integer-validated text field with 0-100 range limit as a slider substitute since creating an actual slider on the page is a bit complex due to certain technical dependencies. (Ticket #13196)

Version 7.1.0 - (released 1/6/2017)

BUG FIXES & OTHER CHANGES:

  • New feature: Better device management for the REDCap Mobile App – The Mobile App page in a project now contains better methods for keeping track of the activity of the mobile app used on many devices at a time for a single project.
    • Each device that has initialized the project in the mobile app will be displayed in a device list on the page. It will initially display the device’s UUID, but each can be given their own nickname (e.g., Kenya tablet, Rob’s iPhone). The nickname will be displayed on the Mobile App page’s activity tables, dashboard, and file download tables so that users may track which device is doing what.
    • Each device can be blocked, if needed, without having to revoke the API token for many (or all) of your devices. Blocking behaves similar to revoking a user’s API token except it allows you to do it on a per-device basis. You might want to block a device if it were stolen, for instance. This helps protect your data from being corrupted or from falling into the wrong hands.
    • The mobile app log files can now be viewed on the Mobile App page without having to download them to view them.
  • Medium security fix: Cross-site scripting and SQL Injection vulnerabilities were found on several pages, which could possibly be exploited by a malicious user.
  • Major bug fix: Calculation errors may (in specific situations) occur on surveys or data entry forms if a calculation uses a number-validated or integer-validated field in its equation, in which the result might mistakenly get calculated as "0" instead of leaving the calc field as blank. This might also cause the "Erase value" prompt to appear on data entry forms as well.
  • Major bug fix: In specific situations, Data Quality rule H and auto-calculations may differ from the calculation performed on surveys or data entry forms if a calculation uses any of the advanced functions where many values can be used as parameters (e.g., min, max, mean, sum, stdev). The discrepancy occurs in Rule H and auto-calculations when all the values referenced inside the function have a blank/null value. (Ticket #12771)
  • Bug fix: If the equation of a calc field contains a tab character, it will display an error on the survey or data entry form where the calc field is located.
  • Change: The OpenSSL extension for PHP is now required for REDCap 7.1.0 and later versions. Previous versions of REDCap used the Mcrypt extension, which is currently deprecated in PHP 7.1 and will be removed in PHP 7.2. Mcrypt is currently used in REDCap for minor encryption routines and also for encrypting and storing DDP data values (from the DDP source system), so OpenSSL will be used to replace Mcrypt for typical encryption functionality in REDCap.
  • Bug fix: The cached count of records in a project (displayed on the My Projects page) would mistakenly not get reset when clicking the Erase All Data button on the Other Functionality page or when deleting all records while moving the project to production status.
  • Bug fix: When copying a project containing surveys using the "Copy the project" button on the Other Functionality page, it would mistakenly not copy over the Enhanced Choices option (if enabled) or the Repeating Survey options (if the Repeating Instruments functionality is enabled) from the Survey Settings page for each survey.
  • Bug fix: For projects with Repeating Instruments enabled that are also enabled as surveys with the Repeating Survey option enabled, if the Survey Queue is also enabled, then there is the possibility that only the first instance of a repeating survey will display in the Survey Queue instead of all the saved instances.
  • Bug fix: When creating a new project whose purpose is set to "Research", the text box for entering the project PI's middle initial is not wide enough. (Ticket #12786)
  • Bug fix: If the Data Resolution Workflow is enabled in a project and a user is viewing the dialog/popup of data query actions and logged data, on certain occasions it might mistakenly not display all the items in correct chronological order. (Ticket #12825)
  • Change: The text describing the Project Notes field when creating a new project was modified slightly to inform the user that the notes are displayed on the My Projects page, which was not explained in prior versions. (Ticket #12843)
  • Bug fix: When upgrading REDCap, if the version directory has been placed on the REDCap web server and the administrator is on the REDCap Upgrade page, the link on that page to the Language File Creator/Updater page would mistakenly redirect them to the REDCap Home page instead of the correct page.
  • Bug fix: When opening a To-Do List request in the popup dialog on the To-Do List page in the Control Center, the top of the popup would be mistakenly hidden underneath the top navigation bar, thus making it impossible to close the popup.
  • Bug fix: When editing a report and changing the field/variable used for a filter in Step 3, in which the filter field being modified is not the last filter in the report, then it would display a new filter field at the bottom with an incorrect filter number value (e.g., displays "Filter 3" for the last filter when it should say "Filter 8" instead). (Ticket #12766)
  • Bug fix: In the API documentation for the API method "Export Project XML", the paragraph of text for the "exportFiles" parameter was displaying the wrong text. (Ticket #12974)
  • Bug fix: When attempting to send a signature file or uploaded file via Send-It from a data entry form, it would display an erroneous error message when the file is sent, thus preventing it from being sent. (Ticket #12747)