Flyspray - The bug killer!

  • Status Closed
  • Percent Complete
    100%
  • Task Type TODO
  • Category User Interface
  • Assigned To No-one
  • Operating System All
  • Severity High
  • Priority Low
  • Reported Version 1.0 alpha1
  • Due in Version 1.1 devel
  • Due Date Undecided
  • Votes
  • Private
Attached to Project: Flyspray - The bug killer!
Opened by Jouni Ahto - 18.03.2015
Last edited by peterdd - 11.07.2016

FS#1979 - Update bugs.flyspray.org

This site itself should be updated immediately to the current alpha version. We should eat our own dogfood.

  • modification in 0.9.9.7 on bugs.flyspray.org with password_hash() wasn’t ported to 1.0dev version, so some users of bugs.flyspray.org aren’t able to login now??? need to reset her password..? You just need to change passwdcrypt param from ‘md5’ (was default until FS1.0-rc1) to ‘crypt’.
Closed by  peterdd
11.07.2016 16:48
Reason for closing:  Complete
Project Manager
peterdd commented on 18.03.2015 20:54

Yes, but please keep dokuwiki syntax here.

And please look how the secure session cookies on bugs.flyspray.org were implemented as this is currently not in github dev.
(hope Jordon or Psycho reached the guy who did it)

Jouni Ahto commented on 19.03.2015 17:57

Do you mean that there's something very important missing from our codebase?

Project Manager
Psychokiller1888 commented on 19.03.2015 19:01

Don't we want to wait until beta at least for update? I'll ask access to update, or Jordan will do it. @peterdd We'll send you a copy of this FS if that's ok for you?

Project Manager
peterdd commented on 20.03.2015 03:09

Yes, I can take a look. Send at my email please.

@jouni: bugs.flyspray.org uses the secure cookie feature, but there isn't anything for that in github code yet. So this install here is a customized version.

I just added the possibility for that setting in github code (well, its just a wrapper around a builtin php function) and set only the httponly option.
So we cannot just take the github version here until secure cookie feature usage/setting is also implemented in github dev code.
It can be a bit tricky to test, because server needs SSL/TLS certificate, http server settings.. .

Further todos for going https:

  • selfhosting the font files and its css (font-awesome)
  • check that there aren't mixed contents https/http on pages.


Project Manager
peterdd commented on 20.03.2015 06:18

Lowered severity and priority after seeing quirks with new user registrations and email receivings.

This must be addressed first.

Project Manager
Psychokiller1888 commented on 22.06.2015 18:51

Actually I tested on my install, and weirdly, If I disallow task viewing for visitors, they see only certain tasks that have certain states. Must test further

Project Manager
peterdd commented on 22.06.2015 22:06

And another bug at upload avatar image on bugs.flyspray.org:

Warning: move_uploaded_file(/srv/www/vhosts/*/avatars/69b5b4bf6c.jpg): failed to open stream: Permission denied in /srv/www/vhosts/*/includes/modify.inc.php on line 1243

Warning: move_uploaded_file(): Unable to move '/tmp/phpBtgmH6' to '/srv/www/vhosts/*/avatars/69b5b4bf6c.jpg' in /srv/www/vhosts/*/includes/modify.inc.php on line 1243

Warning: getimagesize(/srv/www/vhosts/*/avatars/69b5b4bf6c.jpg): failed to open stream: No such file or directory in /srv/www/vhosts/*/includes/modify.inc.php on line 36

Warning: Division by zero in /srv/www/vhosts/***/includes/modify.inc.php on line 38

...more warnings...

Jouni Ahto commented on 23.06.2015 07:03

Can someone check that an anonymous group actually exists and is global, ie. belongs to project 0? Otherwise, now that rights check is done with SQL, the following assumption in the query might not hold true:

– Global group always exists
JOIN ({groups} gpg

  JOIN {users_in_groups} gpuig ON gpg.group_id = gpuig.group_id AND gpuig.user_id = ?		

) ON gpg.project_id = 0

I'll update my installation here at work as soon as possible and do some testing.

Project Manager
Psychokiller1888 commented on 23.06.2015 07:11

I can say that in my installation it doesn't exist. Needs checking here

Jouni Ahto commented on 23.06.2015 07:47

Pull request already made for temporary fix. Have to think those anonymous users a bit more.

Project Manager
peterdd commented on 23.07.2015 03:17

Added securecookies config option.

https://github.com/Flyspray/flyspray/pull/323

Please test if that works for your https server / hosting environment / php version combo.

Project Manager
peterdd commented on 19.09.2015 05:23

The last 10% are the problem of admins/maintainer of the server bugs.flyspray.org because of handmade modifications. Edit: Just change parameter passwdcrypt in flyspray.conf.php .

Loading...

Available keyboard shortcuts

Tasklist

Task Details

Task Editing