Flyspray - The bug killer!

This is the Bug Tracking System for the Flyspray project. This is not a demo!

2019-04-22: Flyspray 1.0-rc9 released See https://github.com/Flyspray/flyspray/releases

ID Category Task Type Severity  desc Summary Status Progress Assigned To Due In Version Opened Last Edited
2552EmailBug ReportHighEmail TLS error (was 'Mail Adress encryption')Unconfirmed
0%
130.05.201931.05.2019 Task Description

Official release

Steps done to create the problem:
Insert correct (tested with gmail) data into the notification tab and click on “Test”

SSL and TLS are checked.

Expected behavior:
Send test email and confirm it.

Experienced behavior:
Following error message

Error message:
Warning: stream_socket_enable_crypto(): Peer certificate CN=`*.netcup.net’ did not match expected CN=`mail*.netcup.net’ in /var/www/vhosts/.netcup.net/httpdocs/**/flyspray/vendor/swiftmailer/swiftmailer/lib/classes/Swift/Transport/StreamBuffer.php on line 103 Completely unexpected exception: Unable to connect with TLS encryption
This should never happend, please inform Flyspray Developers

2499User InterfaceBug ReportHighChange recaptcha from using file_get_contents to CurlUnconfirmed
0%
118.09.201802.11.2018 Task Description

The issue with many servers now and the reason that recaptcha does not work is because it requires servers to enable allow_url_fopen which is a huge security risk. That is why you get the warning message when you try to run recaptcha that file_get_contents failed to connect.

So the solution is to use Curl to do that job.

Here is the fixed file, excuse my mess i had not cleaned up my code yet... but recaptcha now works.

this file goes in the includes dir... you can clean up the file if you like again sorry about that.

2456User InterfaceBug ReportHighMissing GUI controlsUnconfirmed
80%
509.02.201810.02.2018 Task Description

After updating from “1.0-rc6” to “1.0-rc7 dev” there is missing controls menu on writer. Look attachment.
How to solve this?

Is there any settings to enable this or I’m missing something...

2336Backend/CoreBug ReportHighCaptcha validation always fail on registrationUnconfirmed
0%
1301.02.201721.07.2018 Task Description

Correct or wrong code return false!

The results of Securimage Test Script on my server

This script will test your PHP installation to see if Securimage will run on your server.

Session Functionality: Yes!
GD Support: Yes!
GD Version: bundled (2.1.0 compatible)
imageftbbox function: Yes!
TTF Support (FreeType): Yes!
JPEG Support: Yes!
PNG Support: Yes!
GIF Read Support: Yes!
GIF Create Support: Yes!
SQLite Support: Yes!
SQLite is available. If you choose to use it, Securimage can support users who do not accept cookies.
MySQL Support: Yes!
MySQL is available. If you choose to use it, Securimage can support users who do not accept cookies by storing codes in MySQL.
PostgreSQL Support: No
No PostgreSQL support.
LAME MP3 Support: No
LAME was not found, audio will work in WAV format, but not MP3. See Securimage HTML5 audio documentation for info.
Your server meets the requirements for using Securimage!

on modify.inc.php line:754 got

if( !Post::isAlnum('captcha_code') || !$image->check(Post::val('captcha_code'))) {
if( true == false || false == false ) {
2319Installer and UpgraderBug ReportHighUpdate failed with "invalid byte sequence for encoding ...Unconfirmed
0%
223.11.201609.12.2016 Task Description

I’m trying to upgrade from 0.9.9.7 to 1.0-rc4 but the Upgrader stops with this message:

Query {UPDATE "tasks" SET detailed_desc = ?WHERE task_id = ?} with params {,400} Failed! (ERROR: invalid byte sequence for encoding "UTF8": 0xc3 0x3c)

Ubuntu 14.04.5 LTS
PostgreSQL 9.3.10

2207Backend/CoreBug ReportHighNonpublic project titles and project description exposi...Confirmed
0%
1.0123.09.201629.09.2016 Task Description

When a anonymous user tries to display a ticket of a non public project (for example by entering a random ticket id), Flyspray exposes the title of the non public project in the header bar.

Edit by peterdd: also applies to project description

2202Installer and UpgraderBug ReportHighUnable to upgradeUnconfirmed
0%
310.09.201611.10.2016 Task Description

I tried to upgrade from 0.9.9.7 to 1-0-rc1 but I end in an infinite redirection loop

I tried to use the github version, to change the domain name (hosted in dreamhost), to use/not-use the .htaccess, upgraded the version of php from 5.5 to 5.6, to change all the settings in the flyspray.conf.php file, but still having the error after to perform the Upgrade task and removing the setup dir

Used the prepacked dependencies since i cannot install them in this server

Thanks
Thanatermesis

2201APIBug ReportHighI got Fatal Error on the Github OAuthUnconfirmed
0%
1.0107.09.201609.09.2016 Task Description
Fatal error: Class 'League\OAuth2\Client\Provider\Github' not found in /html/bugs/includes/GithubProvider.php on line 11

I have downloaded this:
Precompiled with 3rd party libs for PHP5.6: flyspray-1.0-rc1_php56.tgz
and the file seems really dont exist.

2197Backend/CoreBug ReportHighChange Time for everyoneUnconfirmed
0%
121.08.201622.08.2016 Task Description

Flyspray does not recover the time set in php.ini. On display, the system has two hour delay.

2159Backend/CoreTODOHighfresh registered user accounts created spam tasksNew
0%
204.07.201625.10.2016 Task Description

Today it was first time I see real spam on bugs.flyspray.org

The 2 spam accounts registered today and started creating spam posts as new tasks.

What is the reason? Was it by real humans or bots?

So what can we do to reduce this in future?

Ideas for making it harder and unattractive for spammers:

  • Users who never opened a nonspam-task or contributed a useful comment should solve a captcha
  • Limit the amount of creating tasks for new registered users or a user groups, like limiting to 2 tasks or 1 task per user per day.
  • Settings for a more moderated task creation process? Like a quarantine dbtable for tasks?
  • If we closed such spam tasks with WTF? reason, it will still be listed by search engines like google at the moment:
  1. Move spam tasks to a ‘dumpster project’, that is not visible for guests (search engines!) too.
  2. Or make spamming to visible flyspray projects unattractive, lets set noindex for: closed task for some special reason id?
  3. Delete spam tasks from database if allowed by your organization

Update: another and this time more aggressive phone number spammer.

2135Backend/CoreBug ReportHigh"Modify own tasks" does not function correctly when add...Confirmed
50%
1.013107.06.201622.08.2016 Task Description

“Oh, there are some incompatible properties set that must be resolved before moving this task to a different project.”

Oh, but I am not moving the task to a different project. Just trying to edit my own submission.

“Edit this task” → “Save details”

See attached screen capture.

2134Backend/CoreBug ReportHighCannot assign a task to other projectPlanned
0%
3207.06.201617.02.2019 Task Description

Moving task to another project seems to require fields updated to target project options. This operation is not possible on the task category field and possibly others. Attempting to submit changes gives error:

“Oh, there are some incompatible properties set that must be resolved before moving this task to a different project.”

However, you cannot select a new value (from the target list) for the properties in question.

2094EmailBug ReportHighAfter Upgrade All Users Receive Notifications for All T...Unconfirmed
0%
4106.01.201613.01.2016 Task Description

I upgraded from 0.9.9 to 1.0-beta2 a few hours ago. I received an error about oauth during the upgrade (didn’t think to take a screenshot). In any case, the upgrade otherwise seemed to go smoothly. When I subsequently closed a few tasks people who weren’t assigned to receive notifications for those tasks, even old consultants whose account I had disabled years ago, received the email notification. I also received lots of bounced emails from accounts whose email addresses were no longer existant.

Has anyone else experienced this? I’ve gone into the database and null’d out the email addresses of old accounts to prevent further spam. Not only did it notify everyone who had an account (active or disabled) but it put their email address in the To: field for all to see.

2087Backend/CoreInformationHighSee no Editor in Add New TaskUnconfirmed
0%
4104.11.201505.11.2015 Task Description

Hi,

I can’t see the Editor when I make new task. Also when I editing a exciting task.

See nothing to put any HTML code in it. Can you help me!?

I use this version: Flyspray 0.9.9.7

2086Backend/CoreBug ReportHighBasic User can see all Projects and TasksUnconfirmed
20%
803.11.201526.01.2017 Task Description

Since Update to Flyspray 1.0 Beta2 all users can see every task in every project.

The rights were set up correctly in Flyspray 1.0 Alpha and worked just fine.

2075NotificationsBug ReportHighToo spammy notifications under some circumstancesRequires testing
40%
1.019.10.201503.11.2015 Task Description

danoh on github wants to work on patch. Couldn’t find him here..

2044Database QueriesBug ReportHighNeed set_charset for DB connect in config fileConfirmed
10%
1.019204.09.201506.06.2018 Task Description

make a option in configuration file

me need set same $db1→set_charset(’utf8mb4’); for my MySQLi

have a problem with national letters

I see this error after i try enter national letters to the summary input text field for create new task

Query {UPDATE `flyspray_tasks` SET project_id = ?, task_type = ?, item_summary = ?, detailed_desc = ?, item_status = ?,
 mark_private = ?, product_category = ?, closedby_version = ?, operating_system = ?, task_severity = ?, task_priority = ?, 
last_edited_by = ?, last_edited_time = ?, due_date = ?, percent_complete = ?, product_version = ?, estimated_effort = ?
 WHERE task_id = ?} 
with params {1,1,тестовая задача,<p>sdfsdfdsfsd</p> ,2,0,4,0,1,2,4,1,1441344777,0,0,1,0,2} Failed!
(Incorrect string value: '\xD1\x82\xD0\xB5\xD1\x81...' for column 'item_summary' at row 1)
1965Public RelationsBug ReportHighPR fixes for FS 1.0 on external sitesNew
0%
1.1 devel111.03.201524.07.2015 Task Description

Summary of TODO I found on the net:

  • There is a very old project site of flyspray on sf.net . The info there should be updated or removed.
1849Backend/CoreFeature RequestHighInstaller OverhaulPlanned
50%
1.1 devel515.03.201315.07.2016 Task Description

The application installer needs an overhaul, all strict notices fixed and the associated dependant tasks resolved.

1673Backend/CoreBug ReportHighOnly white screen after upgrade to 1.0 - reasonsConfirmed
10%
1.1 devel31412.01.201117.08.2016 Task Description

After I upgraded to version 1.0 (the upgrade was successful), flyspray only shows a white page (and the source in firefox shows, that the page is completely white).


Please help us finding the roots of these bugs!

Please report what you were exactly doing before this happend, report us your steps made, the used php version, used OS version, and such information.

We think most cases of that “white screen” are relying on the third party vendor libraries behavior we use.
When a library detects an error, sometimes they just call die() or exit; of php, but suppress error messages. So the script just stopped not giving any output to browser.

The dev versions from github use composer for installing the required libraries. We will package them on the final release together and make sure most cases of “white screen” are fixed.

2568DocumentationBug ReportMedium[MANUAL] a missing image in "Understanding Permissions:...Unconfirmed
0%
101.09.201902.09.2019 Task Description

In the page http://www.flyspray.org/manual/group_permissions/ , it is written

Shown is an image of the permissions page for the Flyspray project’s Contributors group

but there is no image in there.

I can think of two ways of dealing with that I guess:

  1. add an image
  2. remove the sentence

What do you think?

2566Installer and UpgraderFeature RequestMediumsyntax_plugin after an upgrade from 0.9.9.7 -> 1.0-rc9Unconfirmed
0%
4130.08.201914.09.2019 Task Description

database: mysql - version: 5.5.62-0+deb8u1
php version: 5.6.40
Debian (probably a Buster one)

Steps done to create the problem: I used to run a 0.9.9.7 version, and today, I decided to go for a 1.0-rc9 update.

Expected behavior: all works

Experienced behavior: most works, but not all

Details: after the update, I had weird display behaviour where the task weren’t displaying breaklines:
http://pix.toile-libre.org/upload/original/1567183628.png

while the code was supposed to have breaklines:
http://pix.toile-libre.org/upload/original/1567183667.png

Then, I’ve read: https://bugs.flyspray.org/index.php?do=details&task_id=2318 which leads me to: https://github.com/Flyspray/flyspray/blob/master/setup/templates/administration.tpl#L49

Then, I’ve changed

syntax_plugin="none"

for

syntax_plugin="dokuwiki"

in flyspray.conf.php, and now all is fine:
http://pix.toile-libre.org/upload/original/1567183768.png

I’m already enjoying bold/italic/code/… very nice addition from 0.9.9.7, thank you!

That said, something which looks to be an issue from my (user) perspective is that when upgrading from 0.9.9.7 → 1.0-rc9, I wasn’t asked for a “syntax plugin” thing and it looks that the only way to change it so far is to CLI-edit the flyspray.conf.php file.

I would strongly suggest to make this an option in the admin panel.

Thanks for flyspray that I’m using fo my librazik project.
All the best,
Olivier

2561Backend/CoreFeature RequestMediumability to limit assignee permissions (was:User without...Confirmed
0%
705.08.201908.08.2019 Task Description

I gave a role the following privileges:

  • view own tasks
  • modify own tasks
  • view comments
  • add comments

A user with the assigned role can still modify the task descriptions and task details. (I want that user to only be able to add comments.)
I think there is a bug.
Is there a fix or walk around?
Thx

2536Backend/CoreFeature RequestMediumstore session in Flyspray databaseNew
0%
221.01.201915.03.2019 Task Description

Currently the sessions are stored by the webservers default settings.

Having this sessions under control by Flyspray by storing it in the database has following advantages:

  1. Allows handling of all sessions of a user by Flyspray.
  2. Providing a session management for each user. The user can see on which devices he is currently logged in and could also force a logout on selective devices.
  3. A forced logoff of all or some user sessions is easy implementable for admins.
  4. Statistics about how many users and who is logged in. (user status: hide always, online, offline, do not disturb, ..)
  5. Could make onpage-notifications easier to implement.
  6. .. ?

Disadvantages:

  1. A potential unknown security bug in Flyspray that could lead to reading a session db table could leak informations like who is currently online/active and make further attacks more focused or makes session takeover easier.
  2. .. ?
2490User InterfaceBug ReportMediumReset Password's Username field has maxlength of 20 - t...Confirmed
50%
1.0201.09.201810.09.2018 Task Description

I’ve set up an account with a username longer than 20 characters, but can’t reset the password because the
flyspray/index.php?do=lostpw
page username field has maxlength=”20” The maxlength for a new user registration seems to be 32 characters.

A related concern is that when setting up the default/admin user on first load of the system, I can use an email address as username (always my preference), but it’s actually not a valid username to create for others thereafter. Consider allowing ‘@’ character in usernames.

2453Backend/CoreBug ReportMediumvalidate category before storing a new taskNew
0%
1.014.12.201714.12.2017
2447Backend/CoreFeature RequestMediumAllow notifications when a new task is createdUnconfirmed
0%
226.10.201729.10.2017
2441Backend/CoreBug ReportMediumrefactor dokuwiki image tagsNew
0%
15.09.201715.09.2017
2343EmailBug ReportMediumNotification mailUnconfirmed
0%
214.02.201715.02.2017
2338Backend/CoreBug ReportMediumExport tasks to csv has issuesUnconfirmed
50%
202.02.201712.03.2019
2332Backend/CoreBug ReportMediumCSV export filename filteringNew
0%
224.01.201724.01.2017
2328Backend/CoreFeature RequestMediumAdd [key] support for each project instead of FS#Unconfirmed
0%
1120.01.201710.02.2017
2323User InterfaceFeature RequestMediumshow category tree in task listUnconfirmed
0%
113.12.201614.12.2016
2322User InterfaceFeature RequestMediumMention SystemNew
10%
7107.12.201619.10.2019
2317User InterfaceBug ReportMediumDate format wrongConfirmed
20%
1.1 devel122.11.201622.11.2016
2304Database QueriesBug ReportMediumGreek letters crash tagsConfirmed
0%
126.10.201626.10.2016
2209AuthenticationFeature RequestMediumTLS support for LDAPUnconfirmed
0%
109.10.201604.09.2019
2200User InterfaceBug ReportMediumIncomplete list of timezones available in the user pref...Unconfirmed
0%
26.08.201626.08.2016
2136User InterfaceBug ReportMediumAfter updating user properties as admin - return to wro...Confirmed
0%
308.06.201623.07.2016
2122Backend/CoreBug ReportMediumopen_basedir restrictions for FS_CACHE_DIR not respecte...Suspended
0%
4122.04.201616.08.2016
2121Backend/CoreBug ReportMedium'my assigned tasks' uses like %?% search instead of use...Confirmed
90%
1.0319.04.201603.02.2018
2119Backend/CoreBug ReportMediumfunction filter_input not always availableResearching
0%
15.04.201615.04.2016
2116EmailBug ReportMediumError with email notificationUnconfirmed
0%
1908.04.201615.04.2016
2114TranslationsTODOMediumStandardize the priority meaning across flyspray transl...New
0%
207.04.201626.03.2018
2112APIBug ReportMediumAssigned tickets aren't editable for lower privileged u...Unconfirmed
0%
231.03.201611.04.2016
2111Installer and UpgraderBug ReportMediumUpon trying to install flyspray release, setup says I'm...Planned
10%
224.03.201605.06.2016
2108User InterfaceFeature RequestMediumSupport local language when install FlysprayConfirmed
30%
3103.03.201615.07.2016
2105Backend/CoreFeature RequestMediumcountermeasures for 'add task anonymous' spamNew
0%
127.02.201627.02.2016
2098User InterfaceBug ReportMediumAttached image cannot be downloadedConfirmed
50%
1.1 devel530.01.201610.01.2017
2097User InterfaceBug ReportMediumUrl incorrect for view attachementUnconfirmed
0%
10116.01.201602.03.2016
Showing tasks 1 - 50 of 301 Page 1 of 71 - 2 - 3 - 4 - 5 - Last >>

Available keyboard shortcuts

Tasklist

Task Details

Task Editing