MachForm 22 Released. Security Update.

MachForm 22 is now available for download on Billing Area. This release brings important security updates and bug fixes. We STRONGLY encourage you to update your MachForm immediately.

Security Updates

  • Remote Command Execution. We have addressed a potential vulnerability that could allow remote command execution under specific conditions.
  • Cross-Site Scripting (XSS). We have resolved an issue related to cross-site scripting.

Technical Details

The technical details of these vulnerabilities will be published later in the CVE database. We will update this post with the corresponding CVE IDs once they are available.

(UPDATE) List of published CVE IDs:

Acknowledgments

We would like to extend our gratitude to Luca Bertaccini for his diligence and expertise in identifying these vulnerabilities.

PHP & MySQL Version Requirement

MachForm v22 requires the minimum version of PHP on your server to be at least PHP 7.4 and MySQL version at least MySQL 5.7. If you’re still using an older version, you’ll need to upgrade your PHP and/or MySQL version first.

How to Update

This update is FREE for all users with an active support contract.
As mentioned above, you can download it in the Billing Area.

Follow this upgrade instruction:
Upgrading MachForm Self-Hosted 

MachForm Cloud Users

If you’re subscribed to any of our MachForm Cloud plans, no further action is required on your part. We automatically update the MachForm version for all our cloud users with the latest version.

MachForm 21 Released. PHP 8.3 Compatibility.

Howdy folks!

PHP 8.3 was officially released to general availability on November 23, 2023. It is a major update of the PHP language and contains many new features and performance improvements.

Today, we’re happy to let you know that we’ve just released MachForm 21, which is fully compatible with PHP 8.3.

The new version of MachForm (version 21) is now available for download in the Billing Area.

PHP & MySQL Version Requirement

MachForm v21 requires the minimum version of PHP on your server to be at least PHP 7.4 and MySQL version at least MySQL 5.7. If you’re still using an older version, you’ll need to upgrade your PHP and/or MySQL version first.

This is a maintenance release and we recommend upgrading if you’re using PHP 8.3.

Changelog

  • Update: PHP 8.3 Compatibility
  • Update: Replaced the deprecated Swiftmailer library with PHPMailer for sending emails
  • Update: Now uses “UTF8MB4” as the character set for MySQL tables, to support emojis in form fields
  • Bugfix: The Rating widget on the shared report doesn’t display correctly
  • Bugfix: Unable to use ‘&’ on form redirect URL
  • Bugfix: Approval conditions don’t work on reports and exports

How to Update

This update is FREE for all users with an active support contract.
As mentioned above, you can download it in the Billing Area.

Follow this upgrade instruction:
Upgrading MachForm Self-Hosted 

MachForm Cloud Users

If you’re subscribed to any of our MachForm Cloud plans, no further action is required on your part. We automatically update the MachForm version for all our cloud users with the latest version.

MachForm 20 Released. Require Form Users to Login with OTP.

Howdy, folks! 🙂

Ever needed to create private forms that collect sensitive information and allow access only to a specific list of users? Now, you can easily do this with MachForm v20!

In addition to the existing functionality that lets you set a password for your forms, you can now specify a list of users (using their email) to restrict access to your form.

Any user attempting to access the form will be required to log in before they can view and submit it. Users will be prompted to log in using their email and a one-time password (OTP) sent to their email.

Combine this new functionality with the “Data Encryption” feature on your form, and you’ll have very secure forms built in minutes!

The new version of MachForm (version 20) is now available for download on Billing Area.

PHP & MySQL Version Requirement

MachForm v20 requires the minimum version of PHP on your server to be at least PHP 7.4 and MySQL version at least MySQL 5.7. If you’re still using an older version, you’ll need to upgrade your PHP and/or MySQL version first.

We strongly recommend upgrading due to improved compatibility and bugfixes within this release.

Changelog

  • Feature: Require form users to login before submitting forms
  • Feature: Added option to do range limit by ‘digits’ on Single Line Text field, to accept only numbers and allow leading zeros
  • Feature: Added option to set max rows per page on entries page
  • Improvement: Form builder page now able to fix and cleanup malformed HTML tags
  • Improvement: Added option to specify MySQL SSL Cert and custom port number
  • Improvement: Automatically-enabled CAPTCHA and submission limit on form receiving high amount of bot submissions
  • Improvement: Allows advanced CSS on theme editor to use @import statement
  • Update: Removed ‘Javascript jQuery’ embed code
  • Update: Added configuration to enforce backend tables to use MyISAM engine
  • Update: On forms having CAPTCHA enabled, CAPTCHA is now enforced on every submission, not just the first one
  • Bugfix: On the form manager page, the search doesn’t work properly when the form is having character ‘#’ as part of the title
  • Bugfix: Syntax error on mf.js, particularly inside the try..catch block, preventing the form from being loaded on web view of windows app
  • Bugfix: When success message contains any HTML tag, it won’t be enclosed with H2 tag to allow custom formatting
  • Bugfix: Dompdf compatibility with PHP 8.1
  • Bugfix: Export entries failure on some specific conditions when entries are sorted
  • Bugfix: Digits validation on Number field can be bypassed using leading zeroes
  • Bugfix: User able to submit additional multiple payments (Braintree, Authorizenet) on existing entries
  • Bugfix: Major incompatibility change with new Stripe API as of version 2023-08-16. Related with payment_method_types parameter
  • Bugfix: User shouldn’t be automatically logged-in after doing password reset
  • Bugfix: Unable to save form edits due to ‘column already exist’ SQL error
  • Bugfix: Image alignment not being set on PDF and email content
  • Bugfix: Entries not being highlighted correctly when selected
  • Bugfix: “X-Forwarded-For” header abused by spam bots to bypass IP address submission limit
  • Bugfix: Validation to disable future dates selection on date field is not working
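
The “X-Forwarded-For” fix listed above concerns a per-IP submission limit that trusted a client-supplied header. As an added illustration (not MachForm's code; the proxy ranges, function names and sample addresses are assumptions constructed for this example), the PHP below takes the client address from the header only when the direct peer is a known proxy, so rotating the header no longer resets the counter:

```php
<?php
declare(strict_types=1);

// Assumption: the reverse proxies in front of the application (constructed values).
const TRUSTED_PROXIES = ['10.0.0.0/8', '192.0.2.10/32'];

// True when $ip falls inside $cidr; handles IPv4 and IPv6.
function ip_in_cidr(string $ip, string $cidr): bool
{
    $parts = explode('/', $cidr, 2);
    $ipBin = @inet_pton($ip);
    $netBin = @inet_pton($parts[0]);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // unparsable address or mixed address families
    }
    $maxBits = strlen($ipBin) * 8;
    if (isset($parts[1]) && !ctype_digit($parts[1])) {
        return false; // prefix length must be a plain number
    }
    $bits = isset($parts[1]) ? (int) $parts[1] : $maxBits;
    if ($bits > $maxBits) {
        return false;
    }
    $fullBytes = intdiv($bits, 8);
    $rest = $bits % 8;
    if (substr($ipBin, 0, $fullBytes) !== substr($netBin, 0, $fullBytes)) {
        return false;
    }
    if ($rest === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rest)) & 0xFF;
    return (ord($ipBin[$fullBytes]) & $mask) === (ord($netBin[$fullBytes]) & $mask);
}

function is_trusted_proxy(string $ip, array $trusted): bool
{
    foreach ($trusted as $cidr) {
        if (ip_in_cidr($ip, $cidr)) {
            return true;
        }
    }
    return false;
}

// Returns the address to rate-limit on. $remoteAddr is the TCP peer
// ($_SERVER['REMOTE_ADDR']); $xff is the raw X-Forwarded-For header or null.
function client_ip(string $remoteAddr, ?string $xff, array $trusted = TRUSTED_PROXIES): string
{
    // A peer that is not one of our proxies controls the header entirely: ignore it.
    if ($xff === null || !is_trusted_proxy($remoteAddr, $trusted)) {
        return $remoteAddr;
    }
    // Walk right to left: the rightmost entries were appended by our own proxies,
    // everything to the left of the first untrusted hop is client-supplied.
    $candidate = $remoteAddr;
    foreach (array_reverse(array_map('trim', explode(',', $xff))) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed entry: keep the last address we could verify
        }
        $candidate = $hop;
        if (!is_trusted_proxy($hop, $trusted)) {
            break; // first untrusted hop is the client as seen by our proxy
        }
    }
    return $candidate;
}

// Minimal in-memory per-IP submission counter (hypothetical stand-in for a real store).
function allow_submission(array &$counts, string $ip, int $limit): bool
{
    $counts[$ip] = ($counts[$ip] ?? 0) + 1;
    return $counts[$ip] <= $limit;
}

// Constructed requests: one bot connecting directly and rotating the header each time.
$counts = [];
foreach (['198.51.100.1', '198.51.100.2', '198.51.100.3'] as $spoofed) {
    $ip = client_ip('203.0.113.50', $spoofed);
    printf("%s -> %s\n", $ip, allow_submission($counts, $ip, 2) ? 'accepted' : 'blocked');
}
// Constructed request through a trusted proxy: only the entry the proxy appended is used.
echo client_ip('10.0.0.5', '198.51.100.1, 198.51.100.7'), "\n";
```

The proxy itself must append the address it observed to the header, otherwise the rightmost entry is no more reliable than the rest.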

How to Update

This update is FREE for all users having an active support contract.
As mentioned above, you can download it on Billing Area.

Follow this upgrade instruction:
Upgrading MachForm Self-Hosted 

MachForm Cloud Users

If you’re subscribed to any of our MachForm Cloud plans, there is no further action required on your side. We automatically update MachForm version on all our cloud users with the latest version.

MachForm 19 Released. PHP 8.2 Compatibility.

Howdy folks!

PHP 8.2 was officially released to general availability on November 24, 2022. It is a major update of the PHP language and contains many new features and performance improvements.

Today, we’re happy to let you know that we’ve just released MachForm 19, which is fully compatible with PHP 8.2.

The new version of MachForm (version 19) is now available for download on Billing Area.

PHP & MySQL Version Requirement

MachForm v19 requires the minimum version of PHP on your server to be at least PHP 7.4 and MySQL version at least MySQL 5.7. If you’re still using an older version, you’ll need to upgrade your PHP and/or MySQL version first.

We strongly recommend upgrading due to improved compatibility and bugfixes within this release.

Changelog

  • Update: PHP 8.2 Compatibility
  • Update: Updated Braintree integration to use Hosted Fields
  • Update: Hidden fields can now be used to define prices
  • Update: Improved paginations on the form manager page
  • Update: Improved form search on the form manager page when having large forms (more than 500 forms)
  • Update: Added Stripe configuration for ‘Set Up Cards for Future Use’
  • Update: Updated front-end forms jQuery library to v3.6.0
  • Update: PHP sessions for admin panel is now using database handler
  • Update: Multiple failed attempts on Stripe page will now invalidate the session, to protect against malicious user
  • Update: Improved merge tag information on notification settings page
  • Bugfix: Entering incorrect date filter on entries page when using MySQL 8 generates error message
  • Bugfix: Importing form from previous version is generating error
  • Bugfix: Newer version of Chrome (v102+) blocked redirect to PayPal page when the form being embedded
  • Bugfix: On entries page, row not being highlighted when selected
  • Bugfix: Address results on email doesn’t display correctly
  • Bugfix: When using PHP 8 and a form is being disabled, entries and other settings can’t be accessed
  • Bugfix: State dropdown on address field doesn’t align correctly when using non-default themes
  • Bugfix: Large paragraph text aren’t being rendered correctly on PDF
  • Bugfix: Entering second without leading zero on Time results to a validation error
  • Bugfix: Date validation generate error message when user entered non numeric values
  • Bugfix: Merge tag for signature field not generated properly when the value is empty
  • Bugfix: In some cases, password reset email is not being sent when “reply to” header not exist
  • Bugfix: Rating field not displayed when the field labels are set to left/right
  • Bugfix: On servers with zlib.output_compression enabled, downloading a file generates a zipped file due to the lack of a gzip header
  • Bugfix: Editing an entry removes the state selection
  • Bugfix: MF_LDAP_MAIL_ATTRIBUTE not working when using LDAP
  • Bugfix: In some cases, file upload doesn’t work due to session expiry, specifically when users took a long time to complete a form
  • Bugfix: Added MF_OPENLDAP_GROUP_BASEDN on config.php file
  • Bugfix: Rating field not imported when using the form import option
  • Bugfix: Edit entry page generate invalid CSRF message when there is validation error

How to Update

This update is FREE for all users having an active support contract.
As mentioned above, you can download it on Billing Area.

Follow this upgrade instruction:
Upgrading MachForm Self-Hosted 

MachForm Cloud Users

If you’re subscribed to any of our MachForm Cloud plans, there is no further action required on your side. We automatically update MachForm version on all our cloud users with the latest version.

MachForm 18.1 Security Release

MachForm 18.1 is now available for download on Billing Area. This is a critical security release for previous versions, particularly for those running Apache web server with a specific configuration. We STRONGLY encourage you to update your MachForm immediately.

Detailed information regarding the security issue will be published later. This is necessary, so that other MachForm users will have enough time to update their installation.

How to Update

This update is FREE for all users having an active support contract.
As mentioned above, you can download it on Billing Area.

Follow this upgrade instruction:
Upgrading MachForm Self-Hosted 

Update Support

If you, for any reason, can’t update your MachForm to v18.1, or you don’t have an active support contract, we can send you a patch for your current version. Simply contact us directly and we’ll assist you further.

MachForm Cloud Users

There is no further action required on your side. MachForm Cloud is not affected by this issue.

MachForm Cloud supports GDPR compliance with the new European Data Center!

We’re thrilled to announce the launch of our new European data center, located in Frankfurt, Germany. This new data center helps our customers maintain privacy standards while also creating new opportunities for companies with data residency requirements.

This launch means that all new MachForm Cloud customers can choose the location of the data center region during the signup process, while existing MachForm Cloud customers will be able to migrate their data into our Europe data center.

If you need help migrating your forms to use our new Europe data center, please open a support ticket and we’ll assist you further!

MachForm 18 Released. Mobile-friendly Admin Panel

Forms generated by MachForm have had a responsive, mobile-friendly design for a long time. However, the admin panel dashboard never received an update in this area.

Mobile-friendly Admin Panel

Today we’ve improved the admin panel dashboard and made it accessible through mobile devices. You can easily access your forms and data using interfaces optimized for your smartphone.

You still can’t build/edit your forms through the mobile-friendly interface but you can easily access your form entries (edit/delete) or change settings (notifications) or approve/deny entries when you have the approval workflow feature enabled.

Customizable Address Field

We’ve also made some improvements with the address field.

We received a lot of feedback regarding the subfield label placement, and we’ve now moved the subfield labels above the field (instead of below). This should avoid any confusion for your users when filling in the address field.

You can also completely adjust the subfields labels and individual subfield visibility! You can choose to show/hide any part of the address field.

So here you go, a fully customized Address field 🙂

These new features are part of the latest version of MachForm (Version 18) which we’ve just released today and it is now available for downloads on Billing Area.

This update added several new features, improvements, and bug fixes. We recommend you to upgrade due to improved functionalities within this release.

Changelog

  • Feature: Mobile-friendly Admin Panel Dashboard
  • Feature: Fully Customized Address Field Labels and Visibility
  • Update: Added Romanian Lei currency
  • Update: Added Kosovo into the country list
  • Bugfix: Using empty date as condition on entries page display error message under MySQL 8
  • Bugfix: “Admin only” dropdown fields doesn’t populate the option when creating the filter on entries page
  • Bugfix: Updating Dropdown/Multiple Choice values doesn’t update keywords on Logic rules and report filters as well
  • Bugfix: On a form with ‘edit entry’ enabled, file upload fields always display “required” error message on live form edit entry page, even if there is file exist already
  • Bugfix: Garbled email content (raw text) when running under PHP 8.x
  • Bugfix: Edit link doesn’t work when form limit submission enabled and reached the limit
  • Bugfix: Filtering entries using the first field on the form as the condition doesn’t work
  • Bugfix: Chrome and Firefox blocked cross-domain session cookies. Embedding forms across different domains caused session expiry issue
  • Bugfix: Pressing enter on ‘decrypt entry’ dialog generate some error message

How to Update

This update is FREE for all users having an active support contract.
As mentioned above, you can download it on Billing Area.

Follow this upgrade instruction:
Upgrading MachForm Self-Hosted 

MachForm Cloud Users

If you’re subscribed to any of our MachForm Cloud plans, there is no further action required on your side. We’ve automatically updated MachForm version on all our cloud users with the latest version. You can use the new features right now!

MachForm 17 Released. New Rating Field!

Howdy folks! 🙂

We’ve been working hard since our last update and I’m happy to let you know that we’ve added several exciting new features into MachForm!

New Rating Field!

Most of you most likely have been using the Multiple Choice field to collect feedback from users, which works great but is quite basic. You can now do the same thing with a more visually appealing field, the Rating field!

The rating field is highly customizable. You can collect 1-10 ratings using several types of icons (star, heart, thumb, etc). You can add rating labels underneath the rating icons.

You can also use the rating field when building logic on your form.

Rating Scorecard Widget

Once you’ve collected that feedback from your users using the Rating field, you can now easily display the result using the new Rating Scorecard widget under the Report section of your form.

You can choose to show/hide the rating bars, total entries, title and even filter the entries being used to generate the rating scorecard.

Keyword Blocking

In addition to the spam protection option (CAPTCHA), you can now enable Keyword Blocking on your form to further protect your form from spam submission.

Specify keywords that you believe are being used for spam and your form will automatically discard any submission containing any of the keywords.

Approval Workflow Email Customization

Yes, finally, just like the email content template that is fully customizable, you can now also customize the approval workflow email and use merge tags!

These new features are part of the latest version of MachForm (Version 17) which we’ve just released today and it is now available for downloads on Billing Area.

This update added several new features, improvements, and bugfixes. We recommend you to upgrade due to improved functionalities within this release.

Changelog

  • Feature: New Rating Field
  • Feature: New Rating Scorecard Report Widget
  • Feature: Keyword Blocking on form submissions
  • Feature: Customizable Approval Workflow Email Content
  • Feature: Recent Emails suggestion on email entry page
  • Feature: Entries Grid widget now support filtering
  • Update: PHP 8.1 Compatibility
  • Update: MySQL errors will be logged into PHP error log file
  • Update: Improved accessibility for screen readers on error messages and grouped fields
  • Update: Grid widget now will display all selected columns
  • Update: Added option to pass user and password to bind Active Directory (user:pass@ldap-hostname)
  • Update: Removed Deprecated PayPal Pro REST API for new forms
  • Update: Added option to force clear entries filter using “clear_filter=1” parameter on entries page
  • Bugfix: Forms having signature fields doesn’t display submit button on review pages
  • Bugfix: The “delay notification until paid” option doesn’t work properly on a form having payment and approval enabled at once, logic notifications and integrations doesn’t work
  • Bugfix: “Todays entries” count doesn’t reset correctly
  • Bugfix: “Session expired” error on payment pages for Authorize.net, Braintree, PayPal REST
  • Bugfix: “ID required” error on payment pages
  • Bugfix: Unable to approve entry on view entry page
  • Bugfix: Field logic conditions doesn’t consistently ignore HTML tags
  • Bugfix: Unable to import form from previous versions
  • Bugfix: Empty merge tag for signature field doesn’t generate empty data
  • Bugfix: Some tables not being cleared when a form being deleted
  • Bugfix: Disabled/deleted forms still able to accept payments
  • Bugfix: Edit link shouldn’t be prompted for form password any longer
  • Bugfix: The PDF export on entry page is missing the form title

How to Update

This update is FREE for all users having an active support contract.
As mentioned above, you can download it on Billing Area.

Follow this upgrade instruction:
Upgrading MachForm Self-Hosted 

MachForm Cloud Users

If you’re subscribed to any of our MachForm Cloud plans, there is no further action required on your side. We’ve automatically updated MachForm version on all our cloud users with the latest version. You can use the new features right now!

MachForm 16 Released. PHP 8 Compatibility and Security Release.

Howdy folks!

PHP 8 was officially released to general availability on November 26, 2020, and offers a big performance improvement. It is a major version update with a large number of changes that break backward compatibility, and many features that were deprecated within the PHP 7.x feature releases have been officially removed.

Today, we’re happy to let you know that we’ve just released MachForm 16, which is fully compatible with PHP 8.

The new version of MachForm (version 16) is now available for downloads on Billing Area.

Security Updates

MachForm v16 also includes updates to fix the following security issues:

  • HTTP Host Header Injection
  • Cross-Site Request Forgery (CSRF)
  • Unauthenticated HTML File Upload / Extension filter bypass
  • Unauthenticated Unrestricted File Upload Remote Code Execution

Thank you to Derrie Sutton of Tenable, Inc. for privately disclosing the vulnerabilities above and providing us time to fix the issues.

The advisory providing more technical details regarding the issue is available here:

https://www.tenable.com/security/research/tra-2021-25

PHP Version Requirement

MachForm v16 requires the minimum version of PHP on your server to be at least PHP 7.2. If you’re still using older version, you’ll need to upgrade your PHP version first.

We strongly recommend you to upgrade due to improved compatibility and security updates within this release.

Changelog

  • Update: PHP 8 Compatibility
  • Update: Faster loading time upon login, particularly on instance having large amount of forms
  • Update: User having “Edit Form” permission is now able to manage access to the associated form
  • Update: Removed standard file upload. File uploads now using advanced uploader
  • Update: Added hostname to the QR Code generated for 2-step-verification, to allow adding multiple instances of MachForm to auth app
  • Update: Updated Dutch translation file
  • Update: Updated front-end forms jQuery library to v3.5.1
  • Update: Smoother iframe scrolling on embedded form
  • Security: HTTP ‘Host’ header injection
  • Security: Prevent CSRF by using CSRF Token and “SameSite” Cookie
  • Security: Removed unused file that can be used for open redirect
  • Security: Changed file upload default behaviour to block all file types, unless otherwise allowed within the whitelist
  • Bugfix: Unique field caused validation problem when “Allow user to edit completed entry” enabled
  • Bugfix: Form with single checkboxes field considered as duplicate entries even though user selected different values
  • Bugfix: Suspended users shouldn’t be displayed within the access list on form info page
  • Bugfix: When “Allow user to edit completed entry” enabled on form with single page, clicking “Open Blank Form” generate error
  • Bugfix: Field having HTML characters within the label are displayed incorrectly on logic settings page
  • Bugfix: Exporting entries/form on server with zlib.output_compression turned on, result to a zipped content
  • Bugfix: Approval columns on form having review table wasn’t created properly on the review table, which resulted to error message when user clicking the resume link
  • Bugfix: Send File as Attachment option shouldn’t attach files for receipt emails
  • Bugfix: Form title doesn’t display correctly on dashboard when using long Unicode characters
  • Bugfix: Editing entry on admin dashboard on form with ‘edit entry’ enabled, in certain case generate error message
  • Bugfix: On a form with ‘edit entry’ enabled, file upload fields always display “required” error message, even if there is file exist already
  • Bugfix: “Edit User” page can’t accept email address containing apostrophe
  • Bugfix: When shipping option is not enabled, Google Pay won’t work
  • Bugfix: Accessibility issue with error messages
  • Bugfix: Email validation allows two consecutive dots
  • Bugfix: On some system, the payment amount on entries page aren’t displayed using 2 digit decimals
  • Bugfix: Unique validation generate error message under MySQL 8

How to Update

This update is FREE for all users having an active support contract.
As mentioned above, you can download it on Billing Area.

Follow this upgrade instruction:
Upgrading MachForm Self-Hosted 

MachForm Cloud Users

If you’re subscribed to any of our MachForm Cloud plans, there is no further action required on your side. We’ve automatically updated MachForm version on all our cloud users with the latest version.

MachForm 15 Released. Share forms with other users.

Howdy folks! 🙂

Previously, when you need to share your form with other users, you’ll need to become an administrator or contact your administrator to change the permissions of your form.

Using the new manage access feature, you can now do this on your own!
To use this feature, go to your Form Info page and then choose manage access. You’ll be able to assign specific permissions for each user.

This new feature is part of the new version of MachForm (Version 15) which we’ve just released today and it is now available for downloads on Billing Area.

This update added new feature and bugfixes. We recommend you to upgrade due to improved functionalities within this release.

Changelog

  • Feature: Allow users to share forms on their own
  • Feature: Added option to open a blank new form when running under “edit entry” mode
  • Bugfix: User without ‘edit entry’ permission shouldn’t be able to see the edit link on entry
  • Bugfix: ‘exif_read_data()’ warning message upon upload
  • Bugfix: ‘mime_content_type()’ error message upon upload
  • Bugfix: When default admin theme is not vibrant, user won’t be able to choose vibrant as their preferred theme
  • Bugfix: Compatibility issue with the webhook sending incorrect Authorization: BASIC header
  • Bugfix: Compatibility with PHP 7.4 when sending using SMTP
  • Bugfix: Stripe compatibility issue with PHP 7.4
  • Bugfix: Signature images has wrong path on windows server when MachForm installed on root domain
  • Bugfix: On a single-page form, submitting a new form immediately after editing an entry will overwrite the data to the previously edited entry
  • Bugfix: Edit entry on form with payment and ‘delay notification until paid’ turned on won’t resend notification
  • Bugfix: Edit entry on form having payment enabled and review page will always redirect to payment page, even if the status already paid
  • Bugfix: Saving error when the form is having ‘Allow Users to Save and Resume Later’ and ‘Allow Users to Edit Completed Submission’ turned on at the same time
  • Bugfix: The “Default From Name” is not being used when creating new forms
  • Bugfix: Improved accessibility with text captcha
  • Bugfix: Improved accessibility on submit buttons
  • Bugfix: New Stripe API keys are 255 characters long, the old one are 50 characters long
  • Bugfix: Activity log not deleted when delete ALL entries, reset the entries ID or delete with MF_CONF_TRUE_DELETE enabled
  • Bugfix: Entry’s ‘Date Created’ is being overwritten incorrectly when both Edit Entry and Resume feature enabled
  • Bugfix: When email subject is having quotes characters and PDF enabled, the PDF can’t be attached
  • Bugfix: Variable typo on confirm page
  • Bugfix: Fixes error message ‘implode(): Passing glue string after array is deprecated’
  • Bugfix: Date field can’t handle “is empty” condition on entries/grid page
  • Bugfix: First attempt on solving captcha always resulted to failure
  • Bugfix: When ‘enable choice limit’ turned on and limit has reached maximum, admin can’t edit the entry
  • Bugfix: Webhook won’t be send any longer when the target URL doesn’t have path/only domain
  • Bugfix: Added config option to enable/disable SQL debug mode
  • Update: Internal CAPTCHA no longer uses session
  • Bugfix: Theme not applied in form locked when user not set theme in their profile
  • Bugfix: Entries column preferences not deleted when field has been deleted
  • Bugfix: Removed hard coding on default name and from email address in logic notification
  • Bugfix: mf.js generate console error message when receiving postMessage from external script

How to Update

This update is FREE for all users having an active support contract.
As mentioned above, you can download it on Billing Area.

Follow this upgrade instruction:
Upgrading MachForm Self-Hosted 

MachForm Cloud Users

If you’re subscribed to any of our MachForm Cloud plans, there is no further action required on your side. We’ve automatically updated MachForm version on all our cloud users with the latest version. You can use the new features right now!
