• Status Closed
  • Percent Complete
  • Task Type TODO
  • Category User Interface
  • Assigned To No-one
  • Operating System All
  • Severity High
  • Priority Low
  • Reported Version 1.0 alpha1
  • Due in Version 1.1 devel
  • Due Date Undecided
  • Votes
  • Private
Attached to Project: Flyspray
Opened by jahto - 18.03.2015
Last edited by peterdd - 11.07.2016

FS#1979 - Update

This site itself should be updated immediately to the current alpha version. We should eat our own dogfood.

  • modification in on with password_hash() wasn’t ported to 1.0dev version, so some users of aren’t able to login now??? need to reset her password..? You just need to change passwdcrypt param from ‘md5’ (was default until FS1.0-rc1) to ‘crypt’.
Closed by  peterdd
11.07.2016 16:48
Reason for closing:  Complete
Project Manager

Yes, but please keep dokuwiki syntax here.

And please look how the secure session cookies on were implemented as this is currently not in github dev.
(hope Jordon or Psycho reached the guy who did it)

jahto commented on 19.03.2015 17:57

Do you mean that there's something very important missing from our codebase?

Project Manager

Don't we want to wait until beta at least for update? I'll ask access to update, or Jordan will do it. @peterdd We'll send you a copy of this FS if that's ok for you?

Project Manager

Yes, I can take a look. Send at my email please.

@jouni: uses the secure cookie feature, but there isn't anything for that in github code yet. So this install here is a customized version.

I just added the possibility for that setting in github code (well, it's just a wrapper around a builtin php function) and set only the httponly option.
So we cannot just take the github version here until secure cookie feature usage/setting is also implemented in github dev code.
It can be a bit tricky to test, because server needs SSL/TLS certificate, http server settings...

Further todos for going https:

  • selfhosting the font files and its css (font-awesome)
  • check that there aren't mixed contents https/http on pages.

Project Manager

Lowered severity and priority after seeing quirks with new user registrations and email receivings.

This must be addressed first.

Project Manager

Actually I tested on my install, and weirdly, if I disallow task viewing for visitors, they see only certain tasks that have certain states. Must test further.

Project Manager

And another bug at upload avatar image on

Warning: move_uploaded_file(/srv/www/vhosts/*/avatars/69b5b4bf6c.jpg): failed to open stream: Permission denied in /srv/www/vhosts/*/includes/ on line 1243

Warning: move_uploaded_file(): Unable to move '/tmp/phpBtgmH6' to '/srv/www/vhosts/*/avatars/69b5b4bf6c.jpg' in /srv/www/vhosts/*/includes/ on line 1243

Warning: getimagesize(/srv/www/vhosts/*/avatars/69b5b4bf6c.jpg): failed to open stream: No such file or directory in /srv/www/vhosts/*/includes/ on line 36

Warning: Division by zero in /srv/www/vhosts/***/includes/ on line 38

...more warnings...

jahto commented on 23.06.2015 07:03

Can someone check that an anonymous group actually exists and is global, i.e. belongs to project 0? Otherwise, now that rights check is done with SQL, the following assumption in the query might not hold true:

    -- Global group always exists
    JOIN ({groups} gpg
      JOIN {users_in_groups} gpuig ON gpg.group_id = gpuig.group_id AND gpuig.user_id = ?
    ) ON gpg.project_id = 0

I'll update my installation here at work as soon as possible and do some testing.

Project Manager

I can say that in my installation it doesn't exist. Needs checking here

jahto commented on 23.06.2015 07:47

Pull request already made for temporary fix. Have to think those anonymous users a bit more.

Project Manager

Added securecookies config option.

Please test if that works for your https server / hosting environment / php version combo.
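
An added example, not Flyspray's own code, of the kind of wrapper discussed in this task: it derives the session cookie flags from a securecookies setting and refuses to start a session when the setting is on but the request is not HTTPS. The [general] section layout, the trust_proxy key and all function names are assumptions made for illustration; only the securecookies option name comes from this task.

```php
<?php
// Added example, not Flyspray code. $conf mimics a parsed flyspray.conf.php;
// the 'general' section and 'trust_proxy' key are assumptions.

/** True when the request arrived over TLS (directly or via a trusted proxy). */
function request_is_https(array $server, $trustProxy = false)
{
    if (!empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off') {
        return true;
    }
    // Honour X-Forwarded-Proto only when a TLS-terminating proxy is known to set it;
    // otherwise any client could claim to be on https.
    return $trustProxy
        && isset($server['HTTP_X_FORWARDED_PROTO'])
        && strtolower($server['HTTP_X_FORWARDED_PROTO']) === 'https';
}

/** Compute the session cookie flags from config; HttpOnly is always on. */
function session_cookie_flags(array $conf, array $server)
{
    $wantSecure = !empty($conf['general']['securecookies']);
    $isHttps = request_is_https($server, !empty($conf['general']['trust_proxy']));
    if ($wantSecure && !$isHttps) {
        // A Secure cookie is not sent back over plain http, so logins would
        // silently fail; surface the misconfiguration instead.
        throw new RuntimeException('securecookies is enabled but the request is not HTTPS');
    }
    return array('secure' => $wantSecure, 'httponly' => true);
}

/** Apply the flags through PHP's builtin session cookie settings. */
function start_hardened_session(array $conf, array $server)
{
    $flags = session_cookie_flags($conf, $server);
    $cur = session_get_cookie_params();
    session_set_cookie_params($cur['lifetime'], $cur['path'], $cur['domain'],
        $flags['secure'], $flags['httponly']);
    ini_set('session.use_only_cookies', '1'); // never accept session ids from the URL
    session_start();
}

// Constructed sample input: option enabled, request served over TLS.
$conf = array('general' => array('securecookies' => '1'));
$server = array('HTTPS' => 'on');
var_dump(session_cookie_flags($conf, $server));
```

To test a deployment, log in over https and confirm the Set-Cookie response header for the session cookie carries both Secure and HttpOnly.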

Project Manager

The last 10% are the problem of admins/maintainer of the server because of handmade modifications. Edit: Just change parameter passwdcrypt in flyspray.conf.php.

