|
2453 | Backend/Core | Bug Report | Medium | validate category before storing a new task | New | |
| 1.0 | | 14.12.2017 | 14.12.2017 |
Task Description
Currently the category_id is not checked if the value is legal for the project when a new task is created.
If invalid category_id is sent, deny creating task and show error message and show filled form again.
If no category_id is sent (or empty string) and category select is enabled:
or
implement feature request FS#2451 and show that user should select a category.
|
|
2454 | Backend/Core | Bug Report | Low | PHP warning in admin edit user area | New | |
| | | 15.01.2018 | 15.01.2018 |
Task Description
Since PHP7.2 shows a warning in admin area ?do=admin&area=users&user_id=1234567890, when user_id is set, but no alternative user_name parameter.
Probably related to scripts/admin.php
$id = Flyspray::UserNameToId(Req::val('user_name'));
if (!$id) {
$id = Req::val('user_id');
}
|
|
2466 | Backend/Core | Information | Low | How to run under https | Unconfirmed | |
| | | 03.06.2018 | 02.12.2018 |
Task Description
I have changed the htaccess.dist into .htaccess and modified to force https. However, despite having https activated on my site I cannot get Flyspray running, it’s waiting forever.When I abort I get a page without makeup. I have all other applications like cms and wiki running under https, so it is something I have not done in the flyspray configs obviously (as this site is running https too). But could you give me a hint?
I installed flyspray in a subdirectory, if that is something to know about...
regards, Albert
|
|
2476 | Backend/Core | Information | Low | Guzzle/Guzzle is abandoned, should use library that's s... | Unconfirmed | |
| | | 10.08.2018 | 10.08.2018 |
Task Description
(Working on a network monitoring system that really needs a ticketing system, saw this and since I speak PHP, thought it would be a good place to start... I just installed and am sharing my notes, do with them what you will!)
|
|
2477 | Backend/Core | Information | Low | old style MySQL extension is abandoned .. | Unconfirmed | |
| | | 10.08.2018 | 10.08.2018 |
Task Description
the old php mysql extension is long ago reached its demise, why bother supporting it?
I also see in the database connector that your supporting MySQL/PDO - why not settle on that? If the queries aren’t MySQL specific, it becomes easier to support other DB’s, etc.
|
|
2479 | Backend/Core | Information | Low | User table seems really complex | Unconfirmed | |
| | | 10.08.2018 | 10.08.2018 |
Task Description
why not store all the user preferences in preferences or user_prefernces? Then users can just be simple username, email, password?
|
|
2480 | Backend/Core | Information | Low | Better file organization | Unconfirmed | |
| | | 10.08.2018 | 10.08.2018 |
Task Description
Save public files inside public or public_html directories, and non-public files outside of those directories;
config file
vendor directory
setup logic
etc
This goes onto another question/point - why are you deleting files from the vendor directory? It happens during composer install, and again after installation? Those files will just get put back if the user ever runs composer install again...
|
|
2481 | Backend/Core | Information | Low | Move to MVC | Unconfirmed | |
| | | 10.08.2018 | 10.08.2018 |
Task Description
That way you can just protect the setup routes after installation, etc.
And have a much less cumbersome .htaccess file.
And take sensitive files outside of the server path and not risk letting them get out in the public
|
|
2482 | Backend/Core | Information | Low | Protect issues by default | Unconfirmed | |
| | | 10.08.2018 | 10.08.2018 |
Task Description
I get that your project is public and you want people visiting this site to see what issues you’re working on, but most people probably don’t want their bugs list open to the public;
Can this be protected/private by default?
|
|
2484 | Backend/Core | Information | Low | Increase min. version of PHP requirement | Unconfirmed | |
| | | 10.08.2018 | 10.08.2018 |
Task Description
Then you can gracefully drop support of old MySQL extension AND drop the need for password compat, since BCRYPT and password_hash are built into PHP from version 5.5 onwards
|
|
2491 | Backend/Core | Bug Report | Low | group member links if project manager but not admin | New | |
| 1.0 | | 01.09.2018 | 01.09.2018 |
Task Description
When a user has project manager permissions, but not admin permissions, then on the ‘edit group’ pages like index.php?do=pm&area=editgroup&id=8 the links in the list of users of that group are
index.php?do=admin&area=users&user_id=12345
instead of linking to the users page
index.php?do=user&area=users&id=12345
and a redirect follows with Error #4: You don’t have administrative rights.
|
|
2522 | Backend/Core | Feature Request | Low | email vs username login issues | Researching | |
| | | 31.10.2018 | 02.11.2018 |
Task Description
So, I’ve been away from Flyspray for more than a few years. When I tried to login to the Flyspray here, I was unable to login, because I don’t remember my username, and I was unable to retrieve my username, because there’s no function for that. I was *also* unable to re-register the same email address. SO, having an account system that requires both unique usernames and unique email addresses, but has no way of retrieving one from the other, doesn’t work out so well.
Suggestion: either use email as username, or add a function to retrieve username (perhaps along with password retrieval . . password retrieval would then have to take username -or- email, probably)
|
|
2527 | Backend/Core | Bug Report | Low | Database Check »Your mysql supports full utf-8 since 5.... | Unconfirmed | |
| | | 05.01.2019 | 05.01.2019 |
Task Description
Steps done to create the problem: Access /index.php?do=admin&area=checks with a MySQL Version >= 5.5.3
Expected behavior: Flyspray tests for character set and displays »Your mysql supports full utf-8 since 5.5.3. You are using x.x.x and flyspray tables could be upgraded.« when database schema or one table isn’t set to utf8mb4 character set.
Experienced behavior: Flyspray always shows this note, even though character set is correct.
As far as I can tell from the source, a query gets executed to the database (and if I do that manually the result is “utf8mb4, utf8mb4_unicode_ci” for my database), but the result doesn’t get checket, the note is always shown (line 123)
|
|
2534 | Backend/Core | Feature Request | Low | Private projects | Unconfirmed | |
| | | 16.01.2019 | 18.01.2019 |
Task Description
I would like to restrict certain projects from view from normal users (Basic group.) I couldn’t find out a way to do it. I could restrict them from viewing tasks, which is good, but it would be nice to hide the project entirely from the Overview screen.
|
|
2535 | Backend/Core | Feature Request | Low | new optional Flyspray setting: add new users automatica... | New | |
| | | 16.01.2019 | 21.01.2019 |
Task Description
When a Flyspray installation allows user self registration and has public but also more private projects, this feature could make the required configuration more clear:
In this case, keep the number of global user groups as low as possible and the global user group for basic or just registered users has only the ‘can login’ permission and nothing more. Because that only would be useless for new registered users, adding them also to a basic user group of a public project could be useful.
So my suggestion is:
A new optional global setting: Something like ‘default project user group’ (store 2 values: a project_id and a group_id). Validity of that setting must be checked during any user registration, so that project must exists now and at later time as also that project user group within that project. (’Checks’ of admin prefs)
So it would be like this for a new registered userA:
userA is in a basic default global user group: only login permission to handle his account registration (login, logout, user preferences, password forgotten)
userA is in project X default user group: some basic permissions you want allow for every (new) registered user in project X
project Y: all ‘allow anyone ...’-settings are unchecked, userA not in any user group of project Y
The setting is probably best put below the ‘Default global group for new users’ setting in the global admin prefs tab #userregistration as
Either: A dropdown list with all public projects with an existing user group and dependend on the selection the available basic project groups are loaded by ajax as a select list too.
Or: Only one dropdown list that contains a list of public projects with possible project user groups. Would not require extra ajax calls and is maybe enough because we could exclude project groups that have project manager permission or such configuration nobody would allow new registered users.
no default project user group
public projectA - simple user groupA1
public projectA - simple user groupA2
public projectB - simple user groupB
public projectC - simple user groupC
This idea could be enhanced further (put the new user to multiple public projects when he registers or let user choose from public allowed projects during registration process), but lets start simple.
|
|
2536 | Backend/Core | Feature Request | Medium | store session in Flyspray database | New | |
| | | 21.01.2019 | 15.03.2019 |
Task Description
Currently the sessions are stored by the webservers default settings.
Having this sessions under control by Flyspray by storing it in the database has following advantages:
Allows handling of all sessions of a user by Flyspray.
Providing a session management for each user. The user can see on which devices he is currently logged in and could also force a logout on selective devices.
A forced logoff of all or some user sessions is easy implementable for admins.
Statistics about how many users and who is logged in. (user status: hide always, online, offline, do not disturb, ..)
Could make onpage-notifications easier to implement.
.. ?
Disadvantages:
A potential unknown security bug in Flyspray that could lead to reading a session db table could leak informations like who is currently online/active and make further attacks more focused or makes session takeover easier.
.. ?
|
|
2559 | Backend/Core | Bug Report | Low | a duplicate close accepted even when missing comment/ r... | New | |
peterdd | | | 29.07.2019 | 29.07.2019 |
Task Description
Closing a task with selected close reason duplicate should warn when there is no comment or FS # id is given in the close comment text field.
The task is closed as duplicate without any further notice. The information to which task it is duplicate or a description (if the problem is logged/handled outside Flyspray) is lost.
Possible solutions
Frontend hints
variant F1 (soft): When duplicate as close reason is selected, a placeholder attribute in the close comment text field could be shown/updated. (maybe as ‘css only’ possible)
variant F2 (harder): Deny sending the form if duplicate selected, but comment text field is empty. and shows warning info. (javascript required, nojs browsers still send form.)
variant F3 (hard): Deny sending the form if duplicate selected and no task id detected in comment text field. and shows warning info. (javascript required)
Backend deny
variant B1 (soft): When request wants close a task with duplicate reason and (cleaned) comment string is empty, deny closing the task and give feedback to user why it was denied.
variant B2 (hard): It requires detecting a task id in the comment field and the first detected task id is taken for referencing as ‘is duplicate of’. Limitation of this is that the duplicate could be also a ticket or something of a complete other system.
|
|
2561 | Backend/Core | Feature Request | Medium | ability to limit assignee permissions (was:User without... | Confirmed | |
| | | 05.08.2019 | 08.08.2019 |
Task Description
I gave a role the following privileges:
A user with the assigned role can still modify the task descriptions and task details. (I want that user to only be able to add comments.) I think there is a bug. Is there a fix or walk around? Thx
|
|
2575 | Backend/Core | Feature Request | Low | ability to view and reset Flyspray default settings | New | |
| | | 19.09.2019 | 19.09.2019 |
Task Description
Motivation
Over the years the count of possible Flyspray configuration options has grown. Meanwhile there are ~60 global Flyspray settings stored in the prefs database table in contrast to only 14 entries of the 0.9.7 (not 0.9.9.7!) version from around 2005. But each configuration setting might add a little to the feeling of overwhelming when there are too much switches, buttons, checkboxes and probability of a misconfiguration raises due misunderstood or overseen settings.
But Flyspray still aims to be easy to use and work with while being accurate and customizable.
Proposal
Having a way to view the description and default value of each option would probably give people administrating a Flyspray installation a better understanding of each setting and confidence in making good decisions for their use case.
With the flyspray-install.xml file within the setup folder we yet have an elegant solution that is waiting to unlock its power!
Unfortunately the setup/ folder requires (until now at least) to be removed after install or upgrade. So we need a way to keep the flyspray-install.xml of the installed version. A trivial way would be to copy it to the include/ directory after any install or upgrade, but also other solutions could be.
Keeping the flyspray-install.xml could making following features easier:
Reading default value of prefs setting. That could be shown for example as css title attribute /tooltip for each setting in the matching admin forms.
Reading default value and field description of any table field using the descr feature of ADOdb xmlschema03.
Comparing the real database structure with the table structures in flyspray-install.xml . This could be useful if someone extended or fiddled with database/tables to compare with official Flyspray releases. Or for developers to compare if an database upgrade went well and as intended.
Having the description of a setting or database field contained within the flyspray-install.xml is good at one place and the information is not spread around like in an external manual/wiki that maybe get unmaintained, not in sync with the application or get even lost over the years.
Using the xml format makes a migration easier (in a broader context, to Flyspray or away from Flyspray)
Using the descr tag could be used to hold information which field(s) of a database table is/are foreign key field(s) pointing to primary key field(s) of another table, even if ADODB xmlschema03 does not support it yet. Would generating database schema diagram directly from flyspray-install.xml possible. (instead of manually painting it that gets outdated when structure changes)
Things to take care:
ADOdb and xmlschema03 does not handle table comments and field comments yet. The descr tag so is there only used when looking into the .xml file, but it does not appear in the real database schema. To make this happen, there is a good portion of contribution to the ADOdB project required (making pull request, but also get them reviewed, tested, accepted and released with a ADOdb stable release)
ADOdb xmlschema03 does not define or handle foreign key constraints. Adding that would require a substantial amount of constribution to get it working reliable for all supported databases that could use foreign key constraints.
limits of table comment length, field comment length depend on database type and database version
|
|
2582 | Backend/Core | Information | Low | How to reach internal windows share (was: Internal URL) | Unconfirmed | |
| | | 04.11.2019 | 05.11.2019 |
Task Description
I have installed flyspray on an internal server and have problems with the renaming of internal links.
For example: I want to put this link in the comment section. \\192.168.200.5\Folder\example.docx
it shows the link correct, but when you hover over the link it shows: file://192.168.200.5/Folder/example.docx
And on clicking on it, of course I can´t access the file, because it´s trying to open an external link. I dont want it to be renamed from ‘\’ to ‘/’.
Can somebody help me please.
I tryed to find it in the sourcecodes, but I have almost no experience in PHP.
Thank you!
|
|
2587 | Backend/Core | TODO | Medium | display_errors=1 should not set in release candidate | Unconfirmed | |
| | | 18.12.2019 | 18.12.2019 |
Task Description
display_errors = 1 should not set in include/fix.inc.php for releases or releases candidate, because with this it is not possibele to disable the error reporting globaly.
The problem is, if I want to enable full error reporting to logfile via “error_log=…” in php.ini, then the error will also full reported to user. Full error reporting is a hig risk for security.
Did you installed an official release or did you used an inoffical docker?! flyspray-1.0-rc9
Steps done to create the problem: Create a file php.in in base directory with follow contens: error_reporting = E_ALL | E_STRICT log_errors = On display_errors = Off error_log = /var/log/php-flyspray-errors.log
Expected behavior: Errors only to log file
Experienced behavior: All errors goes also to user. The option “display_errors = Off” has no effect.
|
|
2588 | Backend/Core | Bug Report | Low | ps_files_cleanup_dir: opendir(/tmp/.priv) failed: Permi... | Unconfirmed | |
| | | 18.12.2019 | 05.02.2021 |
Task Description
Sometimes comes this message with a lot of backtrace log. If you are reporting a bug please provide as much information as possible to help understand and reproduce the problem:
Did you installed an official release or did you used an inoffical docker?! Official download flyspray-1.0-rc9
mysqlnd 5.0.12-dev Linux 64bit PHP Version 7.2.25
Steps done to create the problem: Wait some weeke and edit a ID.
Experienced behavior:
[18-Dec-2019 13:19:41 Europe/Berlin] PHP Notice: session_start(): ps_files_cleanup_dir: opendir(/tmp/.priv) failed: Permission denied (13) in /var/foo/htdocs/flyspray/includes/class.flyspray.php on line 1006
[18-Dec-2019 13:19:41 Europe/Berlin] PHP Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at/var/foo/htdocs/flyspray/includes/class.flyspray.php:1006) in /var/foo/htdocs/flyspray/includes/class.flyspray.php on line 1006
[18-Dec-2019 12:19:41 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /var/foo/htdocs/flyspray/includes/class.flyspray.php:1006) in /var/foo/htdocs/flyspray/index.php on line 96
[18-Dec-2019 12:19:41 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /var/foo/htdocs/flyspray/includes/class.flyspray.php:1006) in /var/foo/htdocs/flyspray/index.php on line 97
[18-Dec-2019 12:19:41 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /var/foo/htdocs/flyspray/includes/class.flyspray.php:1006) in /var/foo/htdocs/flyspray/includes/class.csp.php on line 76
[18-Dec-2019 12:19:41 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /var/foo/htdocs/flyspray/includes/class.flyspray.php:1006) in /var/foo/htdocs/flyspray/includes/class.csp.php on line 80
[18-Dec-2019 12:19:41 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /var/foo/htdocs/flyspray/includes/class.flyspray.php:1006) in /var/foo/htdocs/flyspray/includes/class.csp.php on line 82
|
|
2599 | Backend/Core | Information | Low | add post request on new task creation | Unconfirmed | |
| | | 30.03.2020 | 12.04.2021 |
Task Description
I’m currently using flyspray 0.9.9.7
I want to make a little integration of our flyspray installation into slack. I want make a POST request when a “new task is created”
Any experiment guy can help here ? 1. Where is the best place to achieve this quickly as “hack hardcode” 2. Im not php developer, is there any php lib in flyspray todo quick POST request without installing any additional lib.
|
|
2600 | Backend/Core | Information | Low | Error #17 when selecting a project | Unconfirmed | |
| | | 31.03.2020 | 31.03.2020 |
Task Description
When I am at the global projects page at index.php?do=admin&area=editallusers and now select a project from the dropdown menu at the top right, I get an error
FEHLER #17: Ungültiger Projektmanager-Bereich!
(according to the the translation area this is key 813: error17 Invalid PM area.)
If I select the project again, the projects start page will be shown correctly.
|
|
2603 | Backend/Core | Bug Report | Very Low | Psi XMPP client (19-04-09) | Waiting on Customer | |
| | | 21.04.2020 | 25.09.2020 |
Task Description
From: https://groups.google.com/forum/?hl=en#!topic/flyspray/jC5BBQ1XiQo
19-04-09 // More one year ago.
On https://www.flyspray.org/ On https://www.flyspray.org/devel/team/
Replace : - https://www.psi-im.org/ → https://psi-im.org/
→ Remove the WWW.
|
|
2617 | Backend/Core | Feature Request | Low | Preview button not at the good place | Maybe | |
| | | 26.09.2020 | 26.09.2020 | |
|
2626 | Backend/Core | Bug Report | Critical | Create a new build, last stable is 0.9.9.7 (2012-05-28)... | Unconfirmed | |
| | | 27.02.2021 | 05.05.2021 | |
|
2627 | Backend/Core | Bug Report | Low | checkLogin: Trying to access array offset on value of t... | Unconfirmed | |
| | | 09.03.2021 | 11.03.2021 | |
|
2629 | Backend/Core | Bug Report | Low | activating history tab sends same request 2 times | New | |
| | | 11.03.2021 | 11.03.2021 | |
|
2643 | Backend/Core | Information | Low | Unable to delete a wrong Task | Unconfirmed | |
| | | 07.07.2021 | 08.07.2021 | |
|
2644 | Backend/Core | Feature Request | Medium | mark specific task as spam and punish user account who ... | New | |
| | | 08.07.2021 | 08.07.2021 | |
|
2654 | Backend/Core | TODO | Medium | PHP8.1 compatibility | New | |
| | | 19.10.2021 | 19.10.2021 | |
|
2656 | Backend/Core | Feature Request | Low | keep link parameters for new task if not yet logged in | New | |
| | | 24.11.2021 | 24.11.2021 | |
|
1673 | Backend/Core | Bug Report | High | Only white screen after upgrade to 1.0 - reasons | Confirmed | |
| 1.1 devel | 4 | 12.01.2011 | 17.08.2016 | |
|
2063 | Backend/Core | Feature Request | Very Low | show closed/open usage count on do=pm&area=XXX | New | |
peterdd | | | 29.09.2015 | 25.03.2021 | |
|
2449 | Backend/Core | Bug Report | Low | Unexepted exception on smtp gmail send | Unconfirmed | |
| | | 29.10.2017 | 10.01.2018 | |
|
1751 | Backend/Core | Feature Request | Medium | Default to show all in Event Log | Confirmed | |
| 1.1 devel | 1 | 20.06.2012 | 09.02.2016 | |
|
1812 | Backend/Core | Feature Request | Low | Multiple email addresses | Planned | |
| 1.1 devel | | 17.01.2013 | 30.12.2015 | |
|
1875 | Backend/Core | Feature Request | Medium | Ability to mark project as completed | Maybe | |
| 1.1 devel | 1 | 26.09.2013 | 12.10.2015 | |
|
2101 | Backend/Core | Bug Report | Low | Mobile view GUI bug | Confirmed | |
| | | 18.02.2016 | 24.02.2016 | |
|
2573 | Backend/Core | TODO | Low | add rel nofollow,ugc,.. settings | New | |
peterdd | | | 14.09.2019 | 15.09.2019 | |
|
1861 | Backend/Core | Bug Report | Medium | Login-Page should redirect after login to the page, the... | Confirmed | |
| 1.1 devel | 1 | 12.04.2013 | 09.07.2018 | |
|
1791 | Backend/Core | Feature Request | Medium | Ability to merge version, OS, etc | Suspended | |
| | 1 | 12.12.2012 | 12.01.2017 | |
|
1849 | Backend/Core | Feature Request | High | Installer Overhaul | Planned | |
| 1.1 devel | | 15.03.2013 | 15.07.2016 | |
|
1975 | Backend/Core | Feature Request | Low | Batch processing of tasks in tasklist | Planned | |
| 1.1 devel | 1 | 15.03.2015 | 13.12.2016 | |
|
2089 | Backend/Core | Bug Report | Medium | adding same taskid as subtask or related task should be... | New | |
| 1.0 | | 07.11.2015 | 18.11.2016 | |
|
2135 | Backend/Core | Bug Report | High | "Modify own tasks" does not function correctly when add... | Confirmed | |
| 1.0 | 1 | 07.06.2016 | 22.08.2016 | |
|
2208 | Backend/Core | Information | Low | Severity "medium" by default | Suspended | |
| | 1 | 27.09.2016 | 29.09.2016 | |
|
2330 | Backend/Core | Bug Report | Low | PHP Notice: Undefined offset: 0 in scripts/index.php o... | Unconfirmed | |
| | | 23.01.2017 | 30.01.2017 | |
|
2338 | Backend/Core | Bug Report | Medium | Export tasks to csv has issues | Unconfirmed | |
| | | 02.02.2017 | 12.03.2019 | |