Flyspray - The bug killer!

  • Status Unconfirmed
  • Percent Complete
    0%
  • Task Type Feature Request
  • Category Backend/Core
  • Assigned To No-one
  • Operating System All
  • Severity Low
  • Priority Very Low
  • Reported Version 1.0-rc
  • Due in Version Undecided
  • Due Date Undecided
  • Votes
  • Private
Attached to Project: Flyspray - The bug killer!
Opened by V - 07.03.2017

FS#2427 - allow hotlinking (direct links) to uploaded files

Currently all attached files get renamed (like “screenshot331.png” → “attachments/14_72a4ca580abcdef69f60b1f”) and they could be downloaded only throught the php script (”/index.php?getfile=1234”) which requires that user must be logged in to view the file.
It is not very convenient when you need to show a file to some person who is on mobile phone at the moment or using not a work computer. Also sometimes you might need to share a file with anyone without having them to register at your bug tracker.

I suggest you to add a checkbox like “create a direct link” when uploading a file, which will save the file with original name and extension but adding some random generated prefix (like “screenshot331.png” → “attachments/14_72a4ca580abcdef69f60b1f.screenshot331.png”).

However this poses a high security risk so there should be a list of allowed file extensions (e.g. “jpg,png,txt,pdf,doc,zip”) - only these files could be saved with the original extension. This list should be accessible by the main administrator only, thus the safest option would be storing it inside the “flyspray.conf.php”.

Project Manager
peterdd commented on 08.03.2017 21:39
which requires that user must be logged in to view the file.

No, it depends on the task permission. So if a task is public visible, the attachments there are too.

show a file to some person who is on mobile phone

Could you please explain what exactly is the problem (example)?
You can simply open your Flyspray with your phone and show the attachment to the person, not? If current Flyspray's usability on your phone is just bad/do not match your expectation, then that's another topic what can be improved in future. (screenshot?)

Maybe I do not understand your use case, but from my point of understanding I would say no to this feature request, better identify the real/underlying problem.

What if Flyspray stores attachments in future in database too?
For example I think about storing thumbnails of attachments in future in database.
So if a tasks/comments contain attachments a thumbnails can be seen together with task description/comment text.

(If someone is scared now, probably only thumbnails, not original file uploads.)

V commented on 09.03.2017 07:08

I chat (e.g. via Jabber) with a person who is away from his desk so he is online on his mobile phone. I need to send him some file attached to a task, e.g. a screenshot to briefly describe the problem I encountered. He won't be able to see it unless he logs in to the tracker which is not very convenient on the mobile phone.
And what if I need to share a file with a third party who is not even registered in the tracker?

The project permissions set to not visible to guests. I do not want to make the entire project visible and I think it is impossible to make visible only a single task.

What if Flyspray stores attachments in future in database too?

It is very bad idea. Imagine 20 MB .psd Photoshop files or 10 MB .apk Android builds attached.

Loading...

Available keyboard shortcuts

Tasklist

Task Details

Task Editing