Flyspray - The bug killer!

This is the Bug Tracking System for the Flyspray project. This is not a demo!

2019-04-22: Flyspray 1.0-rc9 released See

ID Category Task Type Severity Summary Status Progress Assigned To  desc Due In Version Opened Last Edited
2118User InterfaceFeature RequestLowShow overview of existing tags for usersAssigned
peterdd1.1 devel09.04.201626.10.2019 Task Description

At several places it could be useful to let the user view available tags:

  1. When editing a task a toggle popup could show a list of selectable and existing tags.

I found several nice vanilla-js-multiselect-with-autocompletion scripts, but none yet that still works at a basic level when javascript is turned off.

My plan is now:

  • Keep the current basic input text field for input tags and show current assigned tags like exampletag1;exampletag2;exampletag3 separated by ‘;’ that is sent to the server when saving the task and server handles evaluation of that string (validation, duplicates, removed, added, creating new tags if allowed for current user)
  • A CSS only toggle that shows available tags that can be assigned (works even with js turned off), similiar to other places within Flyspray like advanced search toggle.
  • If js turned off, the user must type the tag - not as fancy, but at least works. (I thought also about using a html select with multiple=”multiple” attribute, but was not convinced due styling not possible in modern browsers without js)
  • If js is enabled, more fancier stuff is possible:
    • The input text field is hidden by display:none and instead the styled tags are shown.
    • The current added tags also get a little x to remove a tag by clicking it. The content of the hidden input text field is updated to reflect the current editing status. (click eventlistener)
    • A generated text input field for typing with autocompletion list shown of matching availbale tags. An unknown tag is added to the list if user is allowed to create tags. Clicking a item in the autocompletion list adds the tag and resets the autocompletion input text field for the next autocompletion action.
    • The tags within the toggle list with all available tags get also a click event listener, so clicking it adds them to the hidden text input.
    • Not sure yet if an added tag should be removed from the all available tags list or just make an CSS indication that a tag is still added, currently I tend to keep the list untouched, just highlight used tags of the task.
  • Optionally make the all available tags sortable by:
    • list_position (default)
    • alphabetic
    • global or project level
    • popularity (count of tasks using a tag (n + unnumbered private)), requires adding a data attribute.
    • group by detected prefix like shape:triangle shape:circle shape:rectangle could show a group of tags as: shape: triangle circle rectangle
  1. Make the list of tags searchable for the advanced search. added with FS1.0-rc10 by just using search key words also for searching list_tags table.
2621Backend/CoreBug ReportMediumphp notice/warning when reopening in some circumstancesNew
peterdd1.027.11.202027.11.2020 Task Description

Reopening a task triggers a PHP notice with PHP7.4 under some circumstances.
Reopening a task triggers a PHP warning with PHP8.0 under some circumstances.


  1. Create task
  2. Close task directly without setting a completion percentage
  3. Reopen the task
Notice: Trying to access array offset on value of type bool in /***/includes/ on line 684
Notice: Trying to access array offset on value of type bool in /***/includes/ on line 686
Notice: Trying to access array offset on value of type bool in /***/includes/ on line 686
peterdd1.0-rc10312.12.201918.02.2020 Task Description

PHP 7.4 is out now and a few things should be done to make Flyspray work well with it.
Nothing really breaks, but a view deprecation warnings should be fixed.

Flyspray source itself: Just a few new notices, most are yet fixed in the master branch.

Watching the PHP7.4 compatibility of dependencies defined by composer.json:

  • ADOdb/ADODb: 5.20.15 should be OK for Flyspray
  • swiftmailer/swiftmailer: We still use 5.* branch, so either do quickfix for a notice in a fork or upgrade/rewrite our integration to the 6.* branch.
  • ezyang/htmlpurifier: 4.12 OK
  • thephpleague/oauth2-client: unknown, we still use 0.13, last real source change was Nov 2018, to upgrade requires rewrite of integration into Flyspray and there is low demand for OAuth2.
  • dapphp/securimage: seems to be OK
  • jamiebicknell/sparkline: OK, but probably obsolete for us in future due
    • still annoying problems with our github/travis tests (problem of travis, not sparkline itself)
    • better solution (interactive hover infos, scales, screen size adaptive) by Flyspray source planned
2594Backend/CoreTODOHighpagination of user listAssigned
peterdd1.0-rc1023.02.202012.04.2020 Task Description

For Flyspray installations with many users (several thousands) a pagination of the user list in the admin area is required.

2000 users no problem to display (aside the PHP max_input_vars limit which is only 1000 by default, so maybe not all checked checkboxes are handled.)

More users might send your mysql to long running blocking queries creating temp tables … bad!

(I killed them by watching show processlist; and kill id; on mysql console.)

2598User InterfaceBug ReportLowuser registration in admin area: "username taken" but t...Assigned
peterdd1.0-rc10320.03.202027.03.2020 Task Description

Trying to add a new user having the same email address as an another user in the do=admin&area=newuser section results in

“That username is already taken. You will need to choose another one.”

instead of

“Email address has already been taken”

(I’ve stumbled on this issue because I have an older disabled user with the same email address)

2624Backend/CoreBug ReportHighfatal error with PHP8 and syntax_plugin html (ckeditor)New
peterdd1.0-rc1010.02.202110.02.2021 Task Description

The used get_class_methods($classname) function now throws exception in PHP8 when the class does not exists (or couldn’t be found).

grep -rin4 get_class_methods 
class.tpl.php-1006-	public static function render($text, $type = null, $id = null, $instructions = null)
class.tpl.php-1007-	{
class.tpl.php-1008-		global $conf;
class.tpl.php:1010:		$methods = get_class_methods($conf['general']['syntax_plugin'] . '_TextFormatter');
class.tpl.php-1011-		$methods = is_array($methods) ? $methods : array();
class.tpl.php-1013-		if (in_array('render', $methods)) {
class.tpl.php-1014-			return call_user_func(array($conf['general']['syntax_plugin'] . '_TextFormatter', 'render'),
class.tpl.php-1036-    public static function textarea($name, $rows, $cols, $attrs = null, $content = null)
class.tpl.php-1037-    {
class.tpl.php-1038-        global $conf;
class.tpl.php:1040:        if (@in_array('textarea', get_class_methods($conf['general']['syntax_plugin'] . '_TextFormatter'))) {
class.tpl.php-1041-            return call_user_func(array($conf['general']['syntax_plugin'] . '_TextFormatter', 'textarea'),
class.tpl.php-1042-                                  $name, $rows, $cols, $attrs, $content);
class.tpl.php-1043-        }

Previously it just returned null as also documented on! :-/ :

In case of an error, it returns null.

So either php guys update their source code or documentation. Netherless a workaround is needed.

2316Backend/CoreBug ReportLow"wrongtoken" is displayed if the comment box is left si...Assigned
peterdd7122.11.201629.07.2019 Task Description

I understand this is likely due to some sort of XSS CSRF protection, but the delay doesn’t appear to be long enough to be useful for a lengthy comment to be posted. I’ve now lost two detailed comments in our tracker because the software threw everything out and generated a meaningless error.

Further, attempting to do the normal thing and making the browser resubmit the page results in Flyspray throwing “Error #3” something something repeated action and causing a redirect to the homepage.

Surely there has to be a better way to handle this that doesn’t incur data loss?

2559Backend/CoreBug ReportLowa duplicate close accepted even when missing comment/ r...New
peterdd29.07.201929.07.2019 Task Description

Closing a task with selected close reason duplicate should warn when there is no comment or FS # id is given in the close comment text field.

The task is closed as duplicate without any further notice. The information to which task it is duplicate or a description (if the problem is logged/handled outside Flyspray) is lost.

Possible solutions

Frontend hints

  • variant F1 (soft): When duplicate as close reason is selected, a placeholder attribute in the close comment text field could be shown/updated. (maybe as ‘css only’ possible)
  • variant F2 (harder): Deny sending the form if duplicate selected, but comment text field is empty. and shows warning info. (javascript required, nojs browsers still send form.)
  • variant F3 (hard): Deny sending the form if duplicate selected and no task id detected in comment text field. and shows warning info. (javascript required)

Backend deny

  • variant B1 (soft): When request wants close a task with duplicate reason and (cleaned) comment string is empty, deny closing the task and give feedback to user why it was denied.
  • variant B2 (hard): It requires detecting a task id in the comment field and the first detected task id is taken for referencing as ‘is duplicate of’. Limitation of this is that the duplicate could be also a ticket or something of a complete other system.
2560Backend/CoreBug ReportLowdo not allow close task with reason duplicate referenci...New
peterdd29.07.201929.07.2019 Task Description

So closing a task



reason: duplicate

and close comment


referencing to self should be detected to avoid such user mistakes.

2573Backend/CoreTODOLowadd rel nofollow,ugc,.. settingsNew
peterdd114.09.201915.09.2019 Task Description
  1. Find a good configuration name just reuse relnofollow as used by dokuwiki
  2. Find a good translation keyword for that config relnofollow
  3. Find a good translation keyword for config description (title attribute)

Goes into prefs table as it is sitewide configuration.

As first implementation a simple checkbox should be ok. Should be on the tab with other spam handling stuff like captcha configuration.

Is enabled by default (1).
Adapt setup xml files, upgrade procedure.

2585User InterfaceTODOMediumUpgrade CKEditor to 4.13New
peterdd02.12.201917.02.2020 Task Description

To fix some other open tasks, an update of the CKEditor4 files is probably the best way.

Starting with CKEditor4 ‘Basic’ preset, evaluate every additional Plugin before adding them to the config.

Because the selection of plugins starts with the ‘Basic’ preset, some configs are disabled in the resulting config.sys like the ‘Strike’ button or the Copy/Paste functionality.

I am also evaluating the possibilities to make some of the options configurable within the Flyspray configuration. It is probably required to analyze if a setting applies to only CKEditor syntax or would be also by used for installs using dokuwiki syntax/engine.

I can also imagine enable/disable features based on Flyspray user permissions. (but that requires not only CKEditor config, but also server side changes like HTMLpurifier settings.)


Just choose all languages available in the CKBuilder.

Probably we need to adjust the CKEditor to use the users Flyspray language settings too. I changed my language to french in a test install but the CKEditor still shows german user interface. (probably detected by browser http request headers)

Compare that the used language abbreviations work together between files in lang/ of Flyspray and that of CKEditors. (Flyspray: lang/pt_br.php vs. CKEditor: js/ckeditor/lang/pt-br.js)

Theme selection

Probably use a CKEditor source maintained Moona-Lisa or Moona as these are easier to modify their color themes like auto light/dark mode browser detection or base colors that match the theme.

Moona Color currently has issues and not maintained by CKEditor guys.


The previous contained CKEditor 4.4.7 probably hat the standard preset used.

Following I keep track of plugins we should add to the basic preset. This list is growing/edited until the final config that ships with Flyspray is found.


This would enable choosing a user by their username, like @peterdd.

Requires writing an extra php file for retrieving a matching list of users, that respects current user permissions and status of users (like not fetch disabled users).
This extra php file could be also used for the editor textareas with a dokuwiki toolbar.

Auto Grow

This is just a promising usability improvement. No scrollbars needed when writing longer texts.

Turns just typed urls like into real links (like dokuwiki does it when rendered on page.)

Baloon Toolbar

This just sound like a promising usability improvement. Not tried yet. Only add when there is use case (other plugins usability profit from it) for Flyspray.


Probably required because existing Flyspray installs had it too and citing a comment/text snippet should be also able.

Code Snippet

Probably requires deeper look how secure integrate with server side cleanup (HTMLpurifier).


h1-h6 and other tags. Probably required as previous Flyspray versions used that too. (TODO: What happens to old content with h1-h6 tags when editing with a CKEditor without the Format plugin?)

Also configure it to accept only tags useful for within Flyspray. (see also server side configuration of HTMLPurifier)

Remove Format

Existing Flysprays had this too and probably a good thing when the user can cleanup their word/whateverwhere pasted stuff cleaned before HTMLpurifier does it server side too with maybe surprises to the end user.

Show Blocks

Gives the user some confidence on command if his current editing has the right/intended structure.

Well, that missing is one of the reasons why I hated WYSIWYG or wannabe WYSIWYG editors in the past. Uncertainty by the end user, and pain for the admin/webmaster when he sees the garbage stored in the database (endless spans and other garbage tags partly wrong nested by just pasting from Word documents.)
(little bug in CKEditor 4.13.0: doesn’t expand the area with plugin Auto Grow enabled)

Source Editing Area

Useful for people that can read HTML or are responsible to fix things.

2596EmailBug ReportLowInvalid link in notification HTML part of eMailWaiting on Customer
peterdd214.03.202026.03.2020 Task Description

my notification eMails have invalid links.

I use a different port. See below for the partial eMail source text:

… <br>Mehr Informationen k=C3=B6nnen unter=
der folgenden URL abgerufen werden: <br><a href=3D”“>pp=</a>:444/bug/index.php?do=3Ddetails&task_id=3D309<br><br>Sie erhal=
ten diese Nachricht, weil Sie in Flyspray Benachrichtigungen aktiviert habe=

Debian GNU/Linux 10 (buster)
MySQL 10.3.22
PHP version: 7.3.14-1~deb10u1
Flyspray 1.0-rc9

Steps done to create the problem:
-Use a different Webserver Port
-Enable eMail notifications
-Create or modify an task

Expected behavior:
-Valid link

Experienced behavior:
-Invalid link


2620Backend/CoreTODOMediumPHP8 compatibilityNew
peterdd126.11.202010.02.2021 Task Description

PHP 8.0 is now released (2020-11-26) and Flyspray should be made compatible with it.

  • Replace removed and deprecated functions with alternatives in our source code.
  • Upgrade used libraries or make used libraries compatible:
    • post github issue or pull requests for ADODB
    • upgrade used dokuwiki or make changes in our integration (probably just review our as official dokuwiki project contains to much stuff we do not need and changed much)
    • review used geshi
    • upgrade our swiftmailer version to PHP8 compatible version
    • upgrade our oauth2-client stuff to PHP8 compatible version
2625User InterfaceTODOLowavoid password manager popups in admin prefs areaNew
peterdd110.02.202110.02.2021 Task Description

We must teach browsers not to use some input fields in the admin prefs area to offer to store it in their password manager.

Steps to reproduce:

  1. Login with Firefox as admin into Flyspray. (Maybe other browsers behave same)
  2. Go to admin prefs area (top right gear icon)
  3. Click link somewhere else (so leaving admin prefs page)
  4. Firefox browser pops up password manager as it detected some password input fields on admim prefs setting page. But in this case this is not wanted.

Either by using different input field names where the browser does not assume it is a login password field or find input field attribute to tell them.


is not working anymore in browsers for password fields.

webbrowser: Firefox 85.0.2

Popup probably triggered by the password fields for configuring Email and XMPP notification: smtp_pass and jabber_password input fields. Firefox heuristic is too stupid to detect that these are for server configuration, not user login fields!





attribute helped.

Stubborn Firefox ..

2601Public RelationsFeature RequestMediumhttp -> https missing redirection (19-04-09)Assigned
Florian SchmitzCristian Rodríguez R.321.04.202025.09.2020 Task Description


19-04-09 // More one year ago.

There are not http → https redirections.

Only one example:
- is not redirected to

Note: It is better to have the main website in + + must be redirected to

1539Backend/CoreFeature RequestLowSitemap.xml GenerationUnconfirmed
2.12112.01.200911.03.2015 Task Description

I would like the feature to have a sitemap.xml file be generated, say every xx days, set in the configuration.

1599User InterfaceFeature RequestLowImplement "Tasks not blocked by other tasks"Unconfirmed
2.1111.08.200903.03.2013 Task Description

In the advanced search, there is "Tasks not blocking other tasks"

Implement a related: "Unblocked tasks" (i.e. Tasks not blocked by other tasks)

1608Installer and UpgraderBug ReportLowreserved characters cause database error after installa...Unconfirmed
0% Task Description

the installer does not check for reserved characters when writing to flyspray.conf.php, causing parse_ini_file() to return an invalid database password.

1792Backend/CoreFeature RequestLowChanges from Deprecated 1.0.0New
0% Task Description

Someone should go through all the changes from 1.0.0 and figure out which features should be ported to 1.0 devel and open tickets for them, and/or open tickets for the items that should be done in 2.0

407Backend/CoreFeature RequestMediumPlugin systemConfirmed
2.0261404.12.200417.01.2013 Task Description

Everything is currently hard-coded. Create a plugin system that allows a module to be simply "dropped into" a plugins/ directory, enabled in the options, and have the plugin just work.

Possibilities might include alternative methods of notification, perhaps a documentation subsystem, or even simple things like voting for tasks.

The user should NOT have to edit existing Flyspray source code to make a plugin work.

920User InterfaceFeature RequestLowCharts (gantt, severities, OSes, opened-closed, ...)Researching
2.017806.05.200618.07.2015 Task Description

With all informations on flyspray, it's possible to generate a gantt chart.
For this, some php code exists :

1237Backend/CoreFeature RequestMediumAllow Multiple Owners Per CategoryPlanned
2.04709.04.200710.08.2015 Task Description

Currently, only one owner can be applied per category (at least, that's what the tooltip implies). The ability to add more than one user, a user group, or a mix of the two to a category would be ideal.

Often times, more than one programmer will work on and maintain a feature that cannot be divided into subcategories with the various programmers dispersed accordingly. In such cases, setting all such programmers as owners of the category is beneficial in that they will all receive notifications.

Also, having a parent category's owner receive alerts if no owners are specified for a sub-category benefits from this ability. I may have a "User Interface" group that has all of my UI developers in it; assigning the group to the "User Interface" root category means all relevant developers find out about a new issue that was not directed elsewhere.

One potential conflict does arise with another Flyspray feature. If "Auto-assign a task to the category owner" is enabled, care must be taken to assign no users or the first user to the task; personally, I would prefer no one being assigned and seeing the wording changed to "Auto-assign a task to sole category owners". Worst case scenario would be another option asking if no one or the first user would be assigned to a task in that instance; if a group is specified, the first user in the group would be chosen.

1485User InterfaceFeature RequestLowAdditional extended Printview for the TasksPlanned
0% Task Description

It would be useful to print a list of tasks in a extended version.
e.g. All tasks from a programmer with all the details of it.

1491User InterfaceFeature RequestLowCustom task table columns for individual usersUnconfirmed
2.0301.07.200801.10.2015 Task Description

Allow individual users to define custom views of the task tables much like the project manager can for the entire project; only on a user scale.

An option for the user to "use default" project settings should be possible and should be the default.
Only pro users will change it to their needs, not the average reporter.

Interesting would be the possibility to change it dynamic on the tasklist view, not only on the myprofile setting page.

Open Question: Simple or complex implementation?

  • Simple: A new varchar field for the user table like it is in the project table and provide the same field chooser like on project setting page.
  • Complex: User settings for global tasklist view and each project. Needs extra 'project_user' (or 'user_project' ;-) ) join table. Well, maybe over engineered.
1529Backend/CoreBug ReportLowInactivity-close doesn't work, bug is left openMaybe
2.0207.01.200924.09.2015 Task Description

If you define an inactivity-close value in hours/days (haven't tried weeks) the bug is still open when the time expires.

1612Backend/CoreFeature RequestLowAllow Comments by anonymous UsersUnconfirmed
1628NotificationsFeature RequestLowGlobal Notification addressUnconfirmed
1734Backend/CoreBug ReportLowAdd Timezone Selection to Admin PanelMaybe
1760Backend/CoreFeature RequestLowColumn 'last commenter' in tasks list viewMaybe
1766Backend/CoreFeature RequestLowAllow users to choose their favourite themePlanned
1772Backend/CoreFeature RequestLowDifferent kinds of votesMaybe
1774Backend/CoreFeature RequestLowEmail LayoutMaybe
1782Backend/CoreFeature RequestLowCustom fields on taskPlanned
1783NotificationsFeature RequestMediumCreate account for non-logged user automaticallyPlanned
1798Backend/CoreFeature RequestLowBounty System New
1809User InterfaceFeature RequestLow Searching closed tasks by Reason for closingMaybe
1811Backend/CoreFeature RequestLowGoogle Docs/Dropbox IntegrationNew
1818Backend/CoreFeature RequestLowGit/SVN/CVS IntegrationPlanned
1819Backend/CoreFeature RequestLowCommunicate via emailPlanned
1820Backend/CoreFeature RequestLowMerge comments, history, and detailsNew
1823Backend/CoreFeature RequestLowComments with edit changesPlanned
1834Backend/CoreFeature RequestLowuser profile pageMaybe
1843Backend/CoreFeature RequestLowAttach 1 ticket to multiple projectsMaybe
1857User InterfaceFeature RequestLowLogin and then submit new taskResearching
1858Backend/CoreFeature RequestLowClone Tasks and ProjectsMaybe
1866Backend/CoreFeature RequestLowAPI for automatically report a bugMaybe
1868Backend/CoreFeature RequestLowOne issue for multiple componentsMaybe
1871Backend/CoreFeature RequestLowRestricted Task Types Based on GroupMaybe
1876Backend/CoreFeature RequestLowAdd wiki page tabPlanned
1882EmailBug ReportMediumError with email notificationPlanned
Showing tasks 1 - 50 of 326 Page 1 of 7

Available keyboard shortcuts


Task Details

Task Editing