LimeSurvey 3.17.3+190429
19 May 2019
LimeSurvey version 3.17.3+190429 is now available (major release).
Upgrading to LimeSurvey 3.17.3+190429
LimeSurvey 3.17.3+190429 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply LimeSurvey updates as new versions are released, or use Installatron's Clone feature to duplicate an existing LimeSurvey install to test the 3.17.3+190429 upgrade prior to applying it live. Get started managing your LimeSurvey installations with Installatron
What's New in LimeSurvey 3.17.3+190429
3.17.3
Bug Fixes
- SQL Error when saving a response or getting a session token via API
- Batch-edit emails not working properly
- Quota system is showing submit button when quota exceeded
- DbHttpSession brok
- Slider didn't have label
- Persistent XSS for Menu Entries
- Unable to use slider without js
- Group Name and Description do not display on Export to Printable Survey
- Question type file upload in surveys does not work in Internet Explorer 11
- Faulty assignments of query groups when importing participants from LDAP
- error message when using default values and trying to preview or execute survey
- unable to delete label set in grid
3.17.1
Security
- Persistent XSS for question groups
- XSS with file upload
- No control on attachments email files
- Persistent XSS in relevance equation
Bug Fixes
- CDbException when a "default answer" option is not compatible with a question type
- CPDB sharing participant 500 error and language missing
- Detailed admin attachments not set
3.17.0
Security
- XSS in KCFinder
- XSS Attack Vector - export_helper.php
- Update tcpdf to 6.2.25
- Theme admin can delete any directory
Highlights
- Allow event to send core email if redirect after register
Bug Fixes
- When using the short free text with map, the search box doesn't show for users
- Buttons shown without required theme permissions
- Prevent import of survey with SID 0
- Summary Table
- When deactivation survey with debug 1 : receive a CDbException
- Unable to see Survey list
- No translation for breadcrumb text
- CDbException when testing survey
- Start popups add , between string
- Persistent XSS in user group management
- Participant attribute tab shwon in condition editor for anonymized survey-New.*?:\s*
- ComfortUpdate in some configurations not working because CURLOPT_FOLLOWLOCATION is not allowed if safe_mode or open_basedir is set
- Condition editor throw error with invalid var name
- No css difference between resetted with or without default value
- Pie chart labels on statistics PDF are missing
- Reset Boxes use invalid icon
- Unable to reset to a decimal value in slider
- Unable to set debugsql to 1 with php7
- Unable to set mandatory in massive with activated survey
- upgradeTokens176
3.16.1
Security
- relative path allowed in lsa multiple download
Highlights
- Add reference to group relevance
- listifop EM function
- listifop EM function
Bug Fixes
- Php Crash when trying to preview empty group
- Slider "Slider starts at the middle position" and "Slider initial value" settings not working
- Survey logic view -> Open printable view is not showing the correct language version
- Unable to use TOKEN or SAVEDID var in EM twig
- Unable to use TOKEN or SAVEDID var in EM twig
- The countdown does not work most of the time
- Deleting question are not CRSF protected
- Save question before attributes get loaded remove all attributes
- Save question before attributes loaded remove all attributes
- Unable to edit answers whith fields contains a quote
- Deleting a parent Survey Group orphans child Survey Groups, causing Survey Groups List page to crash
- CApcCache enabled gives error 500 when checking data integrity.
- deleting question group are not CRSF protected
- Crash when enabling evaluation on an empty survey
- slider resets when moving backwards with a starting value
3.15.9
Security
- XSS Attack Vector - Participant Attributes
- XSS Attack Vector - Assessment editing
- XSS Attack Vector - CPDB upload
Bug Fixes
- Add first and last name to the "To" of confirmation email
- PHP-function each
- Upgrade to 3.15 SQL Error
- Ranking : no alert when try to put more than answer
- Deletion of responses broken
- EM relevance not being recalculated after conditions changed
- Central participants not exporting
- Better error message than token_id doesn't have a default value
- No information shown after alert withot js, no way to have this managed by theme
- Filter of answers not working
- End-URL doesn't work correctly
- Potential SQL exception when creating a subquestion
- Some question html broke response browsing
- PHP error with Question L on statistic with pgsql
- Setting question as Mandatory does not save attribute
- Error with P type and comment suffix
- Participant view for statistics goes unformatted
- Save button in "Copy survey" panel does not do anything
- Equations or code in questions are visible on statistics
- Letters do not get automatically deleted any longer in only numbers fields
- Take bFixNumAuto and bNumRealValue into account
- 2 delete buttons in template editor
- Display participant failing with specific set permissions
- Empty Create menu shown in token with only view permission
- Error message "division by zero" when "display _columns" attribute is missing, only in debug mode
- PHP warning message when saving new response without uploaded file
- Printable view containe em function instead of values
- Tip for numeric input still show error after fixed
- Wrong encoding specification in R script
3.15.8
Bug Fixes
- Question full index lose color when try submit
- Export responses not working
- {SURVEYRESOURCESURL} show as error in question on survey logic file
- At export page the dropdown list of CSV separators is not translated
- Some IE versions were not properly detected
3.15.7
Security
- possible to delete a broken theme by bait clicking an administrator
- possible to delete a theme by bait clicking an administrator
Bug Fixes
- avoid rare QID colision in checkintegrety
- 500 error just after survey creation
- don't replace question title starting with self or that in expression
- invalid HTML in ranking question
- unable to disable samechoiceheight and samelistheight in ranking
- Printanwers not using evaluated question and helptext
- Slider not always in middle position
- no "loading" icon on survey list page
- placeholder fields can't be inserted and expresions validation doesn't work on edit email templates page
- wrong link to noto italic
- Evaluation of survey statistics generates a query error when using PostgreSQL DB server
- Popover showed multiple times when saving survey
- never same order in Theme list
- Unable to set a different standardthemerootdir than default one
- Unable to use self ot that fixed string in Expression
- 'Ranking' Question same choice height not updated when a expression update choice
- Ranking choice height is to big than needed in case of filter
- * Sort LDAP participant names alphabetically in the survey creation form
- Ranking question totally hang browser with same height
- Improve Ranking speed without same height
- Error exporting PDF with graphs
- On an Active survey, Option 'Other' switched to Off when update question
- error 500 in question list with postgresql
- Statistics - Clear button not working
- Survey summary invalid values for administrator
3.15.6
Security
- XSS in Survey Resource zip upload
- XSS in kcfinder upload
- XSS in theme zip upload
Highlights
- added afterSurveyActivate, afterSurveyDeactivate Plugin Events
Bug Fixes
- Copying survey does not copy survey group
- Empty assessement still shown
- EM send Notice about Undefined offset
- Question full index loose color when try submit
- Database error when trying to define a quota
- Path to preview image broken when creating a custom question theme
- Unpleasant rebound effect when editing questions
- applying filter on CPDB grid disables grid button actions
- Path to preview image broken when creating a custom admin theme
- value, valueNAOK etc … broken with GET params
- Some words used by LS can be used as question codes
- {ASSESSMENT_CURRENT_TOTAL} usage broken in survey
- Validation for multiple numeric input is missing details about "equals sum value"
- When using an existing user name at the "Save and resume later" feature, there is also a wrong warning about a wrong captcha
- When resuming a survey there is a wrong warning about disabled JavaScript and a checkbox for "Please confirm you want..." shows
- Print answers overview shows broken table format and missing details
- Language of Survey is set to default in token form
- TOKEN:ATTRIBUTE_INT not replaced in expression for email and reminder
- Some form can not be submitted if csrfTokenName is updated
- Multi-numeric labels not translated
- potential XSS in browse response + filter subquestion
- Import participant CSV is not possible with surveys update right
- Importing participants from CSV is not possible for user with survey/create global permission
- Top part of drop-down box on participants screen is hidden
- Top part of drop-down box on participants screen is hidden
- Superadmin user rights not stored properly
- Unable to delete old survey or token table
- CDbException when try to set a title with more than 200 caracters
- Error - resetting conditions
- After activating a survey - back to survey home button not working
- Can't add SVG logo images to theme
- Renaming a template with children will break surveys using the inherited template
- Expression manager broken in Bootstrap buttons
- When importing a csv file to the participants table, the UI indicates that double Token values could be allowed
- Unable to update printanswers_head and printanswers_foot via GUI
- Import vv : unable to update only token and/or date
- Themes storage always show 0.0M
- favicon are not loaded in public theme
- Multiple HTML open in printanswers view
- Template can throw error with invalid image
- In theme option : current template is the default one
- Ranking issue with image
- Unable to disable samechoiceheight and samelistheight
- Some file can not be deleted from themes file dir
- Token column is blank when selecting "Not completed" or "Not started" status for token export
- Expressions with array number/checkbox are not reloading properly
- ASSESSMENT_CURRENT_TOTAL is not saved in Equation question type
- Bad ellipsize in question index buttons
- Language changer link goes to home page in token form
- No CSRF control when delete all condition
- No favicon in extended template
- Only partial error shown in logic file
- Save and close in personal settings goes out of limesurvey
- Unclear button in answer edition
- email and launch survey is shown without token in browse participants
- potential notice in checkintegrity
- tokenListActions can be out of screen
- unable to answer to question with relevance with js deactivated
- Can't update by ComfortUpdate if the server has set low max_upload_file size
- ForceAssets error on upgrade from 2.73
- Logo_statistics.jpg as headerlogo was not shown in PDF statistics export if available in admintheme image folder
- Some fonts for Asian languages not properly loaded for PDF output
- Surveymenu breaking
- notice in some cases when importing lss file with debug turned on
- unable to send token email reminders
- wrong sort when exporting survey as txt file
- fixed path to colorPalette for PDF in statistics createChart
3.15.5
Security
- No XSS control when delete a token
Bug Fixes
- wrong translation table in German version
- Cannot delete response urlParam to get
- Database error when trying to define a quota using MS sql server 2012
- When deleting a single response : all page is reloaded and current filter lost
- End Url don't display if survey not activated
- Popover showed multiple times when save survey
- Unable to show help in advanced question settings
- statistics chart tooltip shows incorrect data
- When deleting token attributes the drop down is missing the attribute names
- Tab-separated export of surveys is broken
- When deleting a token : CPDB keep link with survey
- bad column width for array text
- IP address captured for "Resume later" even when disabled
- error during ComfortUpdate upgrade on PostgreSQL database
- ranking_advanced not working
3.15.4
Highlights
- list image in Survey for Brand logo file in Theme option
Bug Fixes
- Survey owner without template edit right can not upload logo
- Multiple logo filename with same url in dropdown
- Some token with existing reponse can send PHP Warning about seed
- HTML quotes not properly decoded in VV export file header
- VV import not working if datestamps are off
3.15.3
Bug Fixes
- Relevance Equation code is missing syntax highlighting and not recognising question variables
- no keyboard navigation available with language changer
- Condition designer doesn't show predefined answers on first load
- Selected survey language for browsing responses was not used in detail view or queXML PDF view
- Update not possible from pre 3.x versions
3.15.2
Highlights
- allow to change config file location
- allow to change config file location, part 2
- configuration option to use a single upload directory for all surveys
Bug Fixes
- new visit on a survey with token deletes last entry
- filtered question with multiple column
- Allow kcfinder use with CHttpSession derived classes
- No languages list when clicking the hamburger icon in Token page
- Broken link on reset button from mass-action response export
- Subquestion incorrectly named 'Sub-question'
- Missing CSS-class "form-horizontal" for multiple-short-text-questions
- Button "Add new question to group" does not work
- Changing invitation/reminder dates for a certain tokens changes the date format at the database
- Wrong survey menu id entry
- Functionality ranking questions breaks with relev…
- Double Quotes are not allowed
- PHP7.2.0 Removed plugins throw error in plugin manager
- Broken question view if sum of width !=12
- Mass action on Survey listing doesn't work on second page
- Unable to use dynamic mindate and maxdate
- Unable to save, clearall
- Long answer options for array question types not line-breaked in mobile view
- Deleting or editing details of a to be attached file at token emails is not doable
- Users without rights to delete tokens can still delete them
- Same choice height work again
- aria-label for warning and error not translated
- broken HTML validatio on welcome page
- class and title broken in array number
- hidden column in multiple short text
- label usage broken in token form
- no "No answser" in list with comment , dropdown
- no label related for Yes No button
- EM variables are shown in red color after survey copy
- JSON editor options to load the right content
- Not possible to save or load saved survey when in anonymized mode
- PHP7 compatibility
- PHP7 compatibility 2
- Survey groups not being wiped
- can't extract large zip file
- child survey group could become parent
- content, whatever its type, was passed to CHtml::encode which expects a string due to lack of encode htmlOption for CHtml::textarea. Also added needed json_encode so that textarea value is a string in the end.
- corrected the icon class on the footer help icon
- datefield from mssql database always contains milliseconds
- more php7 issues fixed
- multiple design issues in question edit
- resumed survey lose saved values after click on "Next"
- unable to check all questions on survey statistics page
- upload to generalfiles fails
- wrong path for adminstyle-rtl.css