Options for exportFormat
You can navigate through the options using arrow keys, the home and end keys. Select the currently highlighted option by pressing enter or space. Right and left arrows will move focus to the next possible option in the list. The Home key will bring focus to the start of the list and the END key to its end. Up and down arrows allow you to navigate quickly to the start of option categories.
Office Formats (1)
Export as Portable Document Format (PDF) using the Web Browser
If a minimum value was configured in an input field by another data type and then changed to the regular expression data type, the minimum value is no longer checked, but now the stored regular expression.
Workflow Designer
With the Word Fill action, uploaded images from dynamic upload elements are displayed correctly again.
When saving the workflow, the user who last edited the form is updated in addition to the modification date.
For workflow actions of the type database query and LDAP query with parameters in the form of a question mark, the specified values for the parameters are now transferred to the query in the order entered. With more than 9 parameters, the 10th parameter was transferred between the 1st and 2nd parameter due to incorrect sorting.
A problem with the workflow action of the type PDF fill has been fixed, where some Unicode characters such as umlauts or other characters could not be inserted into the PDF. This is now possible again if the font used supports this.
The Word fill functions rmr(), rmtp(), rmp() and rmt() now also delete if no argument has been specified and the value to be checked is empty. After updating a form, the configuration of a Word Fill action is now correctly applied again.
Inbox
An error in the creation of project-specific mailbox views has been fixed.
Backend
With the "Azure AD" authenticator, all user groups are now read from the AD. Previously, the query of user groups was unintentionally limited to 20.
When sending many forms with appointment selector at the same time, it could happen that several appointments with the same date were booked. * This has been adjusted so that double bookings are no longer possible.
Forms with tags can once again be updated correctly with a form export that uses the same tags.
As a precation, update some dependencies due to the reported vulnerabilities CVE-2023-33201, CVE-2023-34623, and CVE-2023-34462. Note however that we are not aware of any attack vectors regarding Xima® Formcycle currently.
For plugin developers
You can now access header parameters from the HTTP request in plugins such as pre-render plugins. To do so, use the newly added method "IFormRequestContext#getHeaderParameters()".
Select elements that are added to the form via drag & drop always use the default select options again ("Option 1", "Option 2", "Option 3"). Due to an error in version 7.4.3, the options from a previously created select element were used occasionally.
Fixed an error where the workflow designer could not be opened anymore when the selected authenticators of a state were previously saved in an incorrect manner by the application.
Pages cannot be moved below the footer area anymore in the form designer. Additionally, you can fix forms with pages under the footer area by dragging the page with the mouse and dropping it onto the footer area. This will put the the page above the footer again.
Workflow
Fixed an error in the PDF fill action when a specific font is selected. For fonts with an old font format, the PDF fill action sometimes failed with an error.
Identity provider plugin with a custom user interface work correctly now, even when installed as a client plugin.
Misc.
Updated several dependencies to prevent potential vulnerabilities.
Fixed an error when sending mails via the system mail server. Once the system mail server settings were saved once, mails could not be sent anymore, and a server restart was required.
Permissions when writing files to the file system are also inherited properly now when the old workflow is used.
Fixed an error when updating a form. The error occurred when the uploaded form contained a workflow version with the same technical ID as an existing version.
Options for select elements from plugin catalogs are not extended with the default options anymore. For example, when a select field had two options, the third default option with the name "option 3" was added.
Previously, you could already use certain types of placeholders in database and LDAP queries. Now you can also make use of user placeholders such as [%USER.id%] or [%LAST_USER.id%]. If a database or LDAP query is initiated via AJAX from a web form, it is important to send the current ID of the form session via the frid parameter for this to work. The code editor offers a code template for database and LDAP queries which already contains this parameter.
In the appointment management menu, you can now enter a custom subject and description, which is used for the events in the ICAL calendar file for an appointment. You can also enter placeholders or I18N variables.
Form designer
When you choose a data source (e.g. database or LDAP query) for the options of a select element, you can now also configure a column for the title of each option, in addition to the display label and value of the option. When the select element is displayed as a list of checkboxes or radio buttons, the title is shown to the user when they hover over an option with the mouse.
In previous FORMCYCLE versions, the values of all columns from a data source were always added to the select element as data attributes (e.g. data-col0, data-col1). Now you can deactivate this behavior so that such attributes are not generated any longer. This may be useful in case the data source contains sensitive data you do not want to make public.
Changes
Backend
For each appointment, you can enable the ICAL URL which contains all booked appointments and can be imported into mail clients or calendar applications. This ICAL calendar now includes the fields X-PUBLISHED-TTL and REFRESH-INTERVAL. This makes it easier for mail programs and calendar applications to decide how often they should check for updates. Currently, this value is set to 1 hour.
The menu System -> Server information now also list the malware scan directory, which is used to store uploaded files temporarily when the system performs a malware scan.
Workflow
Due to security concerns, merge fields are not interpreted as HTML anymore when using the workflow action "Word Fill". If HTML is required, use the Word function "html" explicitly, e.g. "tf1.html()".
Form designer
When you add a condition to a form element (e.g. hidden-if), you can already enter a custom formula such as [%tf1%] == "Test". Starting with FORMCYCLE 7.4.0, this formula can now access the JQuery instance of the current element via the this context. This is especially useful for repeated elements, when you want to access the current element repetition or another element within the same repeated container. For example, if both tf1 and sel1 are form fields within a repeated container fs1, then you can use the formula this.closest(".dynamic-row").find("[data-org-name='sel1']").val() === "5" for tf1 in order to check whether the corresponding select field from the repeated container sel1 has a value equal to 5.
Fixes
Backend
Form export files with a manually created state that was named Received can now be imported correctly again.
Various small bug fixes and security improvements. In particular, used libraries were updated for this purpose.
Frontend forms
External users from an OpenID Connect identity provider can now log in to web forms again even when they open the form on a frontend server.
The automatic upload feature for upload elements works correctly again even when forms are integrated via AJAX into a third-party page.
When a form contains an appointment picker and server-side validation was enabled for any element, the selected appointment got cleared in case the form was submitted with invalid data and the server rejected the form submission. This has been fixed so that the selected appointment now remains selected.
When an element is repeated, you can defined a repeat trigger such as a text field that controls the number of repetition. When a new repetition is added, the value of the repeat trigger text field is updated, and vice-versa: When a different number is entered in the repeat trigger field, new repetitions are added or existing repetitions are removed to reflect the new value of the repeat trigger. In the first case, when new repetitions were added, the initial state of conditions such as hidden-if for the new repetition were sometimes not evaluated correctly.
Affects select elements for which the autocomplete option is enabled:
FORMCYCLE generates an <input> element in addition to the <select> element. The name of the <input> element contains the suffix _autocomplete. (e.g. sel1_autocomplete), but the data-name attribute did not. This was fixed so that the data-name now also contains the derived name with the suffix.
Since FORMCYCLE 7.0., when a condition references an autocomplete element, the entered text of the input field was erroneously used instead of the option value. For forms in multiple languages, this could not work. This was fixed so that the option value is now used. To preserve backwards compatibility, a new option was added to the form designer that can be found in the properties panel to the right, at the bottom of the Form tab in the advanced section: Use option text for conditions referencing an autocomplete element. For existing forms, this option is enabled; for new forms, this option is disabled. We recommend that you keep this option disabled and do not enable it.
Form designer
Fixed a bug where the CSS classes of the most recently selected element was applied to all selected elements. This bug only occurred when multiple elements were selected at the same time.
The setting for the W3C compliant mode now defaults to disabled for old forms again. It is still enabled by default for new forms.
Workflow
The dialog for loading unsaved changes is now closed again after you press a button.
When executing an HTTP request action and the server responds with a redirect (HTTP header: Redirect) and the redirect is a relative URL, that URL is now resolved against the request URL. This is correct as specified by RFC 7231. Previously the URL was not resolved at all.
There is also a new option that lets you choose how to resolve relative URLs: against the request URL, against a custom URL, or not at all.
For plugin developers
You can now access the data of the current form request session ("FRQSession" ) within plugins of type IPluginFormPreRender, IPluginFormPrePersist, IPluginFormPreProcess, IPluginFormPreResponse as well as in workflow action plugins and possibly also placeholder plugins. Furthermore, you can also write values back to the FRQ session via the return value of IPluginFormPreRender, IPluginFormPrePersist, IPluginFormPreProcess, IPluginFormPreResponse, and workflow action plugins.
Plugins of type IPluginFormPreRender are usually only executed when a form is opened via the /form/provide URL. Now you can opt-in to have your plugin get executed in other situations as well, such as when opening a form in the inbox or when printing a form via a print services. To do so, override the shouldExecute method of the IPluginFormPreRender plugin.
Support for sending emails via via the Microsoft Graph API. This lets you use Microsoft Office 365 accounts for the email server configuration. See system email server and client settings
Added a new URL parameter jsonPath to data query URLs (CSV, XML, JSON, database, and LDAP data sources). These URLs all return a JSON object with the requested data. When a jsonPath is given, only the data at that JSON path is returned. This makes it easier to filter for the data which you want to retrieve.
The form designer lets you configure whether a form element is available or not, depending on the form record's state the user's user group. When it is not available, the value of that element is not shown in the data table in the inbox. A new role permission was added that lets you configure this behavior. When a user was granted that permission, they can see the values of all form elements, regardless of whether they are available.
Changes
Improved support for direct authentication methods for forms (e.g. via header parameters):
When the user open a form, an attempt to authenticate the user is made once for each configured direct authentication method.
In case neither direct authentication was successful, and if at least one indirect authentication method (e.g. system login) was configured, the login prompt is shown to the user.
In case neither direct authentication was successful, and no indirect authentication methods were configured, the HTML template Login failed is shown to the user.
Replace the existing XSLT engine with a newer engine. The new engine now also supports XSLT 3.0, XPath 3.1 and XQuery 3.1. Because the XSL parser of this engine works a bit stricter than the old engine, small incompatibilities with wrong XSLT may be possible. An overview of known errors can be found under XSL transformation
Rework the mail server configuration and mail server placeholders:
As the system administrator, you can allow each client to, or prevent them from making use of the system mail server.
As the system administrator, you can allow each client to, or prevent them from configuring a custom client mail server.
The default values form the system mail server for the sender address and the sender name can now also be changed by each client.
The placeholders [%$CLIENT_MAIL_SENDER%] and [%$CLIENT_MAIL_SENDERNAME%] are now deprecated. You should use the placeholders [%$DEFAULT_MAIL_SENDER%] and [%$DEFAULT_MAIL_SENDERNAME%] instead. The deprecate placeholders are still replaced, but should not be used anymore.
When neither a client nor a system mail server was configured, or the system mail server cannot be used, workflow actions that require a mail server are not available anymore.
Fixes
Frontend forms
Fixed an error with disabled fields when an existing form record is opened again.
Fixed an error when multiple JavaScript files are concatenated if a form is opened with inline mode enabled (URL parameter xfc-rp-inline=true).
Forms which require a direct authentication (e.g. via a header parameter) are now displayed correctly again.
The appropriate error template is now shown again when a form requires authentication via Kerberos and that authentication failed.
Fixed an error with visible-if conditions when the element is also repeated.
Fixed an error with the login process when the form was embedded in an external page via AJAX and a login service with popups was used.
Form designer
Allow the data-force-validation attribute in the form preview within the designer.
Better error handling for invalid autonumeric attributes when opening a form.
Workflow
Fix an incompatibility with the workflow action "Process log as PDF" where the action from existing forms was sometimes not recognized.
Fix a rendering error when printing a web form. A printed form sometimes contained tall empty sections when invisible containers were used.
Fix a bug in the Word fill action. When a PDF was using hidden Word controls, the base64img function did sometimes not insert the image correctly.
Inbox
Fix localization for the event status of when using the iCAL URL for an appointment configuration.
Remove the limit on the number of characters in form specific inbox views.
When you change the subject template form record, all form records are update. This update no longer fails when the subject of single form record could not be update. All other form records will still get updated now, and an error message is displayed at the end.
Values from question elements are now shown properly in the inbox; and are also included in Excel and XML exports.
Two new action for converting between files, base64 strings, and data URIs. This can be helpful e.g. when you want to embed images into a document as a data URI.
You can now set the HTTP headers Content-Security-Policy and Content-Security-Policy-Report-Only via System, General. It is possible to set different headers for the frontend and the backend.
Changes
You can now directly change the name, tags, description and group of a form when you import a form into Xima® Formcycle.
Reduce verbosity of protocol entries for soft errors when a file could not be resolved in the workflow.
It is possible to send automatic emails when the system is updated. When an update is started, but the system is already up-to-date, a different email with an appropriate text is now sent.
The PDF importer now lets you change the text of checkboxes and radio buttons before you import the form element into the form.
Fixes
Frontend-Formulare
Buttons that are disabled do not get enabled anymore after the form was submitted
Improved keep alive mechanism for form session.
The generated script for embedding forms via the API now also works in the header of a web page.
Form designer
Auto completion for the CSS classes in the form designer now works again for all available classes.
Fixed minor error with the presentation of the form within the form designer (relative URLs from @font-face rules are again resolved against the proper base URL)
Changes in the rich text editors are now applied faster.
When the builtin resource 031-extended-min.css is overloaded, this overload is now also respected within the form designer, so that the form looks the same in the designer.
Workflow
When you use the action PDF fill to fill PDF documents that conform to the PDF/UA standard, the resulting PDF document also conforms to the PDF/UA standard.
Inbox
Exporting selected form records as Excel or XML document is now possible again.
Fixed a performance issue with many form records in the inbox.
Booked appointments in the calendar view of the inbox are shown with colors again.
Backend
Update Dutch translations.
Small UI fixes in the backend and the designer.
Update the dependency commons-text to 1.10, due to the potential vulnerability CVE-2022-42889.
Improved security for the form designer and the backend in general.
For plugin developers
Authenticator plugins (IPluginAuthenticatorType) can now supply a custom UI for the external users configuration in the backend.
When a IPluginCallbackLogic plugin is used, the default allback logic is not executed anymore, only the callback logic of the plugin.
You can now open a PDF document in the form designer. This opens the PDF importer, which lets you copy form fields and texts from the PDF to the Xima® Formcycle form. The importer also offers several convenience features to help you with the conversion of PDF forms to web forms.
The invisible container is similar to the standard container element. The main difference is that by default, the invisible container does not have a padding on each corner. In other words, you can nest as many invisible containers as you want to group elements without that having an effect on the visual appearance of the form.
If you are using the Leitfaden plugin, you should update it to the current version. The invisible container element from the plugins is replaced by the built-in invisible container from Xima® Formcycle.
Previously, form field conditions such required-if or visible-if only let you select a single form element with a value to check. Now, you can also enter a custom formula that may contain references to multiple form elements.
The formula must be a valid JavaScript expression (and not a statement). You can use variables such as [%tf1%] to easily reference the values of form fields.
Note: Custom formulas are incompatible with server validation. Even if server validation is enabled, custom formulas are not validated by the server, submitted data will be accepted at face value.
A select element displayed as a combo box offers you the option to enable auto complete. Auto complete lets the user enter text and suggests available options depending on the entered text. Available options are validates, the user cannot enter text that does not correspond to an available options.
This release adds a new option to select elements that allows the user to enter arbitrary text, even if that text does not correspond to an existing option.
This action lets you create protocol entries for the form record with a custom message. These protocol entries can be viewed in the history tab of the inbox.
Until now, the HTTP request action only let you send requests where the body was either URL encoded (application/x-www-form-urlencoded) or a multipart body (multipart/form-data).
Now you can either freely enter plain text or select a binary data for the request body content. You can also use this feature, for example, to interact with a JSON based REST API.
Changes
The license details in the license menu now also include a note about whether the Azure AD and WebDAV features are enabled.
Email notifications regarding failed system updates are now sent with their priority set to High.
Modifications made to WebDAV connections (creating a new connection, editing or deleting an existing connection) are now logged in the client protocol.
WebDAV connections cannot be deleted anymore when they are still used by the workflow of an existing form.
When a proxy server was configured in the JVM (Java runtime environment), that proxy server is used when sending emails via the email action, unless a different proxy server was configured explicitly.
You can disable this behavior via the application propertydefaults.http.use_system_properties.
Removed the option that was added in version 7.1, which let you output the select options of select elements in multiple columns when creating a Word export. In order to position the select option in multiple columns, an additional table was created in the Word document, which interfered with Word functions such as rmt(), as those would affect the additional table with the select options, not the surrounding table as they did previously.
Fixes
Backend
Fixed file downloads in various menus in the backend. Downloading a PDF or Word export in Firefox does not result in a popup warning anymore.
You can now use more than one reply to address again in the email action. Also fixed the email body type selection.
Issues when deleting planned timedevents of form copies were fixed.
Invalid application sessions do not prevent new logins anymore.
Form record from forms that make use of widget plugins can now be opened on the inbox frontend server again.
Due to backwards compatibility, the no-argument usage sel1.con() of the Word functioncon nows gets interpreted as sel1.con(""), and checks whether one of the field values is empty. This is for legacy support only, we recommend that for newly created Word documents, you always use quotation marks to avoid ambiguity.
Additionally, you can now also use the new Word function sel1.empty(). It lets you check whether there are either no values or one of the values is empty. We recommend you use this function for select elements to check whether no or an empty value was selected.
Minor UI fixes in backend menus.
Form designer
Fixed issues when searching for form elements in the form designer.
Fixed minor issues with how the form was displayed within the form designer and how CSS was loaded. There are also new versions of some widget plugins that should be installed, such as for the Google reCAPTCHA Plugin.
When switching from a custom CSS theme to the defaul theme, that theme is now applied immediately to the form in the form designer.
All available CSS classes are now suggested again when entering the CSS classes for a form element.
Frontend forms
When a form made use of upload fields with the automatic upload features enabled and also had a button with the action Submit no save, it was not possible to submit the form again after the submit button was clicked once. This is now fixed.
The client-side validations is now performed always performed, even when a form had a button with the action Submit no save and is submitted multiple times.
The marker that indicates whether a form field is a required field is now always set correctly, even when required-if conditions are combined with element repetitions.
For plugin developers
Added a new plugin interface: IPluginAuthenticationLogic. The existing plugin interface IPluginAuthenticatorType only works for form authentications that are done before the form is opened. Once authenticated, the user is always redirected to the requested form. This new plugin interface lets you define your own authentication logic, including custom redirections. For example, you could use this to implement custom login buttons for forms.
The plugin IPluginAuthenticatorType now also allows direct clients to be used, which authenticate the user directly without redirecting to a page from the identity provider. This allows you, for example, to implement a custom authentication via HTTP request headers.
Updates Pac4J to version 5.5.0. You should check authentication plugins that make use of the Pac4J API and adjust them if required.