Flyspray

This is the Bug Tracking System for the Flyspray project. This is not a demo!

2021-04-23: Flyspray 1.0-rc10 released See https://github.com/Flyspray/flyspray/releases

If you are upgrading from older version, please wait for 1.0-rc11.

ID Category Task Type Severity Summary Status Progress Assigned To  desc Due In Version Opened Last Edited
2316Backend/CoreBug ReportLow"wrongtoken" is displayed if the comment box is left si...Assigned
0%
peterdd7122.11.201629.07.2019 Task Description

I understand this is likely due to some sort of XSS CSRF protection, but the delay doesn’t appear to be long enough to be useful for a lengthy comment to be posted. I’ve now lost two detailed comments in our tracker because the software threw everything out and generated a meaningless error.

Further, attempting to do the normal thing and making the browser resubmit the page results in Flyspray throwing “Error #3” something something repeated action and causing a redirect to the homepage.

Surely there has to be a better way to handle this that doesn’t incur data loss?

2559Backend/CoreBug ReportLowa duplicate close accepted even when missing comment/ r...New
0%
peterdd29.07.201929.07.2019 Task Description

Closing a task with selected close reason duplicate should warn when there is no comment or FS # id is given in the close comment text field.

The task is closed as duplicate without any further notice. The information to which task it is duplicate or a description (if the problem is logged/handled outside Flyspray) is lost.

Possible solutions

Frontend hints

  • variant F1 (soft): When duplicate as close reason is selected, a placeholder attribute in the close comment text field could be shown/updated. (maybe as ‘css only’ possible)
  • variant F2 (harder): Deny sending the form if duplicate selected, but comment text field is empty. and shows warning info. (javascript required, nojs browsers still send form.)
  • variant F3 (hard): Deny sending the form if duplicate selected and no task id detected in comment text field. and shows warning info. (javascript required)

Backend deny

  • variant B1 (soft): When request wants close a task with duplicate reason and (cleaned) comment string is empty, deny closing the task and give feedback to user why it was denied.
  • variant B2 (hard): It requires detecting a task id in the comment field and the first detected task id is taken for referencing as ‘is duplicate of’. Limitation of this is that the duplicate could be also a ticket or something of a complete other system.
2573Backend/CoreTODOLowadd rel nofollow,ugc,.. settingsNew
20%
peterdd114.09.201915.09.2019 Task Description
  1. Find a good configuration name just reuse relnofollow as used by dokuwiki
  2. Find a good translation keyword for that config relnofollow
  3. Find a good translation keyword for config description (title attribute)

Goes into prefs table as it is sitewide configuration.

As first implementation a simple checkbox should be ok. Should be on the tab with other spam handling stuff like captcha configuration.

Is enabled by default (1).
Adapt setup xml files, upgrade procedure.


	
2625User InterfaceTODOLowavoid password manager popups in admin prefs areaNew
0%
peterdd110.02.202110.02.2021 Task Description

We must teach browsers not to use some input fields in the admin prefs area to offer to store it in their password manager.

Steps to reproduce:

  1. Login with Firefox as admin into Flyspray. (Maybe other browsers behave same)
  2. Go to admin prefs area (top right gear icon)
  3. Click link somewhere else (so leaving admin prefs page)
  4. Firefox browser pops up password manager as it detected some password input fields on admim prefs setting page. But in this case this is not wanted.

Either by using different input field names where the browser does not assume it is a login password field or find input field attribute to tell them.

auto-complete="off"

is not working anymore in browsers for password fields.

webbrowser: Firefox 85.0.2

Popup probably triggered by the password fields for configuring Email and XMPP notification: smtp_pass and jabber_password input fields. Firefox heuristic is too stupid to detect that these are for server configuration, not user login fields!

Neither

autocomplete="new-password"

nor

autocomplete="one-time-code"

attribute helped.

Stubborn Firefox ..

2620Backend/CoreTODOMediumPHP8 compatibilityNew
20%
peterdd226.11.202011.03.2021 Task Description

PHP 8.0 is now released (2020-11-26) and Flyspray should be made compatible with it.

  • Replace removed and deprecated functions with alternatives in our source code.
  • Upgrade used libraries or make used libraries compatible:
    • post github issue or pull requests for ADODB
    • upgrade used dokuwiki or make changes in our integration (probably just review our as official dokuwiki project contains too much stuff we do not need and changed much)
    • review used geshi
    • upgrade our swiftmailer version to PHP8 compatible version
    • upgrade our oauth2-client stuff to PHP8 compatible version
2063Backend/CoreFeature RequestVery Lowshow closed/open usage count on do=pm&area=XXXNew
10%
peterdd129.09.201525.03.2021 Task Description

Currently on

  • do=pm&area=cat
  • do=pm&area=version
  • do=pm&area=os
  • do=pm&area=resolution
  • do=pm&area=status
  • do=pm&area=tags
  • do=pm&area=tasktype

a count of usage in tasks is shown for every property.

Interesting would be if the counter shows the count for open/closed tasks on each row.

2598User InterfaceBug ReportLowuser registration in admin area: "username taken" but t...Assigned
0%
peterdd1.0320.03.202014.04.2021 Task Description

Trying to add a new user having the same email address as an another user in the do=admin&area=newuser section results in

“That username is already taken. You will need to choose another one.”

instead of

“Email address has already been taken”

(I’ve stumbled on this issue because I have an older disabled user with the same email address)

2637Installer and UpgraderBug ReportHighFailure to upgrade 1.0-rc9 to 1.0-rc10 (postgresql 12.6...Assigned
50%
peterdd1.0-rc11729.04.202105.05.2021 Task Description

I administer a small personal (<1K ticket) 1.0-rc9 instance running on a Fedora 32 host (php 7.4.16, postgresql 12.6) Following the upgrade instructions (ie transfer attachments, avatars, flyspray.conf.php) the setup/upgrade tool loads, and prompts me to upgrade.

Unfortunately, the upgrade fails spectacularly, with a reported SQL error that belies what’s actually wrong. Here’s a snippet from the postgresql logs where the upgrade is failing:

2021-04-28 10:33:07.190 EDT [2032049] ERROR: column “attachment_id” of relation “flyspray_attachments” already exists
2021-04-28 10:33:07.190 EDT [2032049] STATEMENT: ALTER TABLE flyspray_attachments ADD COLUMN attachment_id SERIAL
2021-04-28 10:33:07.194 EDT [2032049] ERROR: current transaction is aborted, commands ignored until end of transaction block
2021-04-28 10:33:07.194 EDT [2032049] STATEMENT: ALTER TABLE flyspray_attachments ADD COLUMN task_id INTEGER
[…and everything else fails because the transaction aborted…]

It appears that the upgrade script is blindly trying to create columns that already exist in the -rc9 database, and postgresql is treating this as a failure. Because the entire upgrade happens within one transaction, this means the entire upgrade fails at the outset and won’t ever succeed.

The way past this specific problem is to make these ALTER TABLE operations conditional (eg “ALTER TABLE flyspray_attachments ADD COLUMN IF NOT EXISTS task_id INTEGER”).

2636Installer and UpgraderBug ReportHighFailure to upgrade 1.0-rc9 to 1.0-rc10 (mariadb 10.4.18...Assigned
50%
peterdd1.0-rc11629.04.202105.05.2021 Task Description

I administer a moderate-sized (~14K ticket) 1.0-rc9 instance running on a Fedora 32 host (php 7.4.16, mariadb 10.4.18) Following the upgrade instructions (ie transfer attachments, avatars, flyspray.conf.php) the setup/upgrade tool loads, and prompts me to upgrade.

It churns a while before refreshing the screen, claiming a successful 1.0-rc10 upgrade. However, the upgrade seems to not actually “stick”, because clicking on the “return” button I’m dropped back into the upgrader, which is once again claiming I’m running 1.0-rc9 and prompting me to perform the -rc10 upgrade.

According to Flyspray’s admin ‘checks’ tab:

* PHP 7.4.16
* MariaDB 10.4.18
* default_charset: utf8mb4
* default_collation: utf8mb4_unicode_ci
* All tables are ‘InnoDB’

There are no errors logged that I can find, but the upgrade is clearly not working. If I revert to the -rc9 php files, everything continues along as if nothing was done.

Any suggestions?

2639JavascriptBug ReportMediumUnable to "deny" a pending requestResearching
0%
peterdd712.05.202113.06.2021 Task Description

My project has 37 pending requests. Each has a set of Accept / Deny buttons next to it.

If I click on Deny, a textbox pops up for me to enter “Reason for denial” but the entire page immediately regreshes/reloads back to the task list before I have a chance to enter the reason and submit it.

I can always “Accept” the request implicitly by going to the appropriate task and closing/re-opening it, but there’s no way to “deny” something without going through this UI path.

2601Public RelationsFeature RequestMediumhttp -> https missing redirection (19-04-09)Assigned
10%
Floelejudas_iscariote321.04.202025.09.2020 Task Description

From: https://groups.google.com/forum/?hl=en#!topic/flyspray/rAnks5y_uLk

19-04-09 // More one year ago.

There are not http → https redirections.

Only one example:
- http://www.flyspray.org/docs/download/ is not redirected to https://www.flyspray.org/docs/download/

Note: It is better to have the main website in https://flyspray.org/.

http://www.flyspray.org/ + https://www.flyspray.org/ + http://www.flyspray.org/ must be redirected to https://flyspray.org/

1518NotificationsFeature RequestLowShow last date/time when a reminder was sentUnconfirmed
0%
15.11.200815.11.2008 Task Description

This information is already stored in the table "reminders" in field "last_sent". It might be helpful in some situations, if this date/time would be visible to the user on the reminder list, too.

1521Backend/CoreFeature RequestLowAssignees should be able to see and create reminders fo...Unconfirmed
0%
22.11.200818.04.2009 Task Description

In version 0.9.9.5.1 (unfortunately I couldn't select this version in the dropdown list on the left), reminders can only be created and edited by Admins and Project Managers. I recommend to give Assignees the permission to create reminders for themselves. To minimize any programming impact, his may be done as part of the "edit own tasks" permission.

This topic has been reported by Engie as part of Bug #713 for version 0.9.8 as well: "Also it would be useful if a user could create reminder for himself." Although that bug is already closed ("fixed in devel"), this part is not yet solved in the current version.

1670User InterfaceFeature RequestLowAssign Key-Shortcuts to form fieldsUnconfirmed
0%
04.12.201004.12.2010 Task Description

Forms should be submittable by using keyboard shortcuts.
S for submit.
Set-able via the accesskey attribute on HTML inputs.

1628NotificationsFeature RequestLowGlobal Notification addressUnconfirmed
0%
2.0125.02.201017.01.2013 Task Description

For a combination of archiving / "notify bot" reasons I have found it useful to have a single global notification address where all bug reports / updates / comments go.

In the past I've used this to automatically dump updates into a IRC / Jabber chat room as well as provide a way for a project manager (me) to keep an idea of the amount of activity. Please let me know if you have questions about this.

1612Backend/CoreFeature RequestLowAllow Comments by anonymous UsersUnconfirmed
0%
2.02120.10.200917.01.2013 Task Description

I would love a option to allow anom users to write comments! Maybe with CAPCHA...
I allow anom users to report bugs, but when I have a question to this bug, or the reporter wants to make a additions, he has to register...

I tried hacking it in the core: In the class.user.php at the end of the get_perms method I added:
$this→perms[$proj_id]['add_comments'] = 1;

But I has nothing changed. The I removed the check if the user had the right to make a comment in the template file, now I have a comment field for everyone, but anom user get a error message saying, that they should enter a comment... I searched a lot in the core files, but I don´t find the point where the comment a written in the database... I would a great help if you could give at least a hint :)

Another thing i tried was changing the user contructor, that every user with a negative ID get the ID 2, witch is a special "anom" user. But then you could not log out, a the admin not in...

Here the link to my site: bugs.thekingdomofdarkness.de

407Backend/CoreFeature RequestMediumPlugin systemConfirmed
0%
2.0261404.12.200417.01.2013 Task Description

Everything is currently hard-coded. Create a plugin system that allows a module to be simply "dropped into" a plugins/ directory, enabled in the options, and have the plugin just work.

Possibilities might include alternative methods of notification, perhaps a documentation subsystem, or even simple things like voting for tasks.

The user should NOT have to edit existing Flyspray source code to make a plugin work.

1608Installer and UpgraderBug ReportLowreserved characters cause database error after installa...Unconfirmed
0%
2.107.10.200903.03.2013 Task Description

the installer does not check for reserved characters when writing to flyspray.conf.php, causing parse_ini_file() to return an invalid database password.

1876Backend/CoreFeature RequestLowAdd wiki page tabPlanned
0%
2.03126.09.201306.03.2015 Task Description

It will quite useful to have wiki page for project.

1871Backend/CoreFeature RequestLowRestricted Task Types Based on GroupMaybe
0%
2.019.07.201306.03.2015 Task Description

I have a public bug tracker and would like to have a TODO like task, except restricted so only the developers can set the task type to TODO, while the general reporters can just submit bug reports or feature requests.

1866Backend/CoreFeature RequestLowAPI for automatically report a bugMaybe
0%
2.01108.05.201306.03.2015 Task Description

Actually you can't automatically add a bug report. Or i haven't found it.
In a first time a simple report via email or webservice could be great.

- Project Name
- Message
- System
- Version
- Status –> New
- Priority → Normal
- Category –> On a new category (created by default) : 'Automated report bug'

Sorry for bad grammar, i'am not english.

1857User InterfaceFeature RequestLowLogin and then submit new taskResearching
0%
2.0127.03.201306.03.2015 Task Description

Hello,
when I wanted to use Flyspray to manage request from non-technical customer, I found one missing feature:

I have "report a problem" link on devel version of web site. But to submit new task, it is necessary to login into Flyspray.

It would be nice if there was an URL with login form if user is not logged in and "add new task" form if he is logged in.

Example scenario:
- Customer visits devel site after some time and finds some problem. He wants to report it.
- Customer clicks "report a problem" on the devel site and Flyspray is opened.
- Customer now see some wierd error message and has no idea what is wrong. If anonymous reports are allowed, he sees the form, but cannot upload screenshots and he must enter his e-mail address.

How it should be:
- Customer visits devel site after some time and finds some problem. He wants to report it.
- Customer clicks "report a problem" on the devel site and Flyspray is opened.
- Customer sees login form and (if anonymous reports are allowed) there is also "add new task" form below the login form.
- Customer clicks "login" (password is saved in browser).
- Customer now can fill report with all the comfort.

1856Backend/CoreBug ReportMediumWrong timezonesResearching
0%
1327.03.201306.03.2015 Task Description

Hello,
when selecting timezone in user profile, it only offers offset based timezones. It should offer timezones like "Europe/Prague", instead, because in summer it is UTC+2 and in the winter UTC+1. Also UTC is the same as GMT.

Using offsets will cause invalid future and past times when crossing daylight saving or when something other changes.

Adding daylight checkbox is not enough and will cause additional troubles. Just use names and store them as ENUM in database, not offset. This problem is pretty complicated and the only solution is to use names and let libraries to solve it for you.

Thank you.

1843Backend/CoreFeature RequestLowAttach 1 ticket to multiple projectsMaybe
0%
2.007.03.201306.03.2015 Task Description

As title says

1823Backend/CoreFeature RequestLowComments with edit changesPlanned
0%
2.0230.01.201306.03.2015 Task Description

When editing a ticket to change things like User, Percent done, etc should be able to add a comment. When changing 100% → 70% for example, there is usually a comment that goes along with that (e.g., you didn't yet finish changing the background color)

1798Backend/CoreFeature RequestLowBounty System New
0%
2.0113.12.201206.03.2015
1924Backend/CoreBug ReportLowBetter errors messages on email errorNew
0%
1.1 devel11.07.201406.03.2015
1783NotificationsFeature RequestMediumCreate account for non-logged user automaticallyPlanned
0%
2.027.11.201207.03.2015
1734Backend/CoreBug ReportLowAdd Timezone Selection to Admin PanelMaybe
0%
2.0112.05.201207.03.2015
1772Backend/CoreFeature RequestLowDifferent kinds of votesMaybe
0%
2.01123.09.201209.03.2015
1134User InterfaceFeature RequestLowadd icon/image for each projectPlanned
0%
1.1 devel7329.11.200609.03.2015
1958User InterfaceFeature RequestLowPreselect values for event log viewNew
0%
09.03.201509.03.2015
1959User InterfaceFeature RequestLowAdd vote from tasklistPlanned
0%
1.1 devel09.03.201509.03.2015
1956Backend/CoreTODOLowDatesConfirmed
0%
1.1 devel307.03.201509.03.2015
1481User InterfaceFeature RequestLowDiff visualisationUnconfirmed
0%
4104.05.200809.03.2015
1961User InterfaceFeature RequestLowshow new notifications in flysprayNew
0%
11.03.201511.03.2015
1964DocumentationFeature RequestLowOn page documentationNew
0%
11.03.201511.03.2015
1539Backend/CoreFeature RequestLowSitemap.xml GenerationUnconfirmed
0%
2.12112.01.200911.03.2015
1485User InterfaceFeature RequestLowAdditional extended Printview for the TasksPlanned
0%
2.013.05.200811.03.2015
1957User InterfaceFeature RequestLowautomatic temporary storing while writing/editing taskResearching
0%
209.03.201512.03.2015
1971Backend/CoreFeature RequestLowa field like challenge level or doom levelNew
0%
12.03.201512.03.2015
1811Backend/CoreFeature RequestLowGoogle Docs/Dropbox IntegrationNew
0%
2.0417.01.201313.03.2015
1976Backend/CoreFeature RequestLowSave sorting for actual projectPlanned
0%
1.1 devel15.03.201515.03.2015
1968User InterfaceFeature RequestLowReplace Expand all / Collapse all on Roadmap page by pu...Planned
0%
1.1 devel12.03.201516.03.2015
1977Backend/CoreBug ReportLowWeird URL after closing task with referenceUnconfirmed
0%
115.03.201518.03.2015
1720Backend/CoreFeature RequestLowBetter Access Control Lists and User / Group ManagementPlanned
0%
1.1 devel301.05.201220.03.2015
1983Backend/CoreFeature RequestLowExport Roadmap as "Changelog"Unconfirmed
0%
21.03.201521.03.2015
1981Backend/CoreTODOLowUnify event logging and notificationsConfirmed
0%
1.1 devel220.03.201522.03.2015
1836Backend/CoreFeature RequestLowNeed permission option to view only own tasksPlanned
80%
1.1 devel727.02.201322.04.2015
1990User InterfaceFeature RequestLowRoadmap view should also show due dates and sort each v...Confirmed
0%
1.1 devel217.04.201524.04.2015
Showing tasks 1 - 50 of 308 Page 1 of 7

Available keyboard shortcuts

Tasklist

Task Details

Task Editing