Flyspray - The bug killer!

This is the Bug Tracking System for the Flyspray project. This is not a demo!

2019-04-22: Flyspray 1.0-rc9 released See https://github.com/Flyspray/flyspray/releases

ID Category Task Type Severity Summary Status  desc Progress Assigned To Due In Version Opened Last Edited
2594Backend/CoreTODOHighpagination of user listAssigned
50%
peterdd1.0-rc1023.02.202012.04.2020 Task Description

For Flyspray installations with many users (several thousands) a pagination of the user list in the admin area is required.

2000 users no problem to display (aside the PHP max_input_vars limit which is only 1000 by default, so maybe not all checked checkboxes are handled.)

More users might send your mysql to long running blocking queries creating temp tables … bad!

(I killed them by watching show processlist; and kill id; on mysql console.)

2601Public RelationsFeature RequestMediumhttp -> https missing redirection (19-04-09)Assigned
10%
Florian SchmitzCristian Rodríguez R.221.04.202002.05.2020 Task Description

From: https://groups.google.com/forum/?hl=en#!topic/flyspray/rAnks5y_uLk

19-04-09 // More one year ago.

There are not http → https redirections.

Only one example:
- http://www.flyspray.org/docs/download/ is not redirected to https://www.flyspray.org/docs/download/

Note: It is better to have the main website in https://flyspray.org/.

http://www.flyspray.org/ + https://www.flyspray.org/ + http://www.flyspray.org/ must be redirected to https://flyspray.org/

2118User InterfaceFeature RequestLowShow overview of existing tags for usersAssigned
20%
peterdd1.1 devel09.04.201626.10.2019 Task Description

At several places it could be useful to let the user view available tags:

  1. When editing a task a toggle popup could show a list of selectable and existing tags.

I found several nice vanilla-js-multiselect-with-autocompletion scripts, but none yet that still works at a basic level when javascript is turned off.

My plan is now:

  • Keep the current basic input text field for input tags and show current assigned tags like exampletag1;exampletag2;exampletag3 separated by ‘;’ that is sent to the server when saving the task and server handles evaluation of that string (validation, duplicates, removed, added, creating new tags if allowed for current user)
  • A CSS only toggle that shows available tags that can be assigned (works even with js turned off), similiar to other places within Flyspray like advanced search toggle.
  • If js turned off, the user must type the tag - not as fancy, but at least works. (I thought also about using a html select with multiple=”multiple” attribute, but was not convinced due styling not possible in modern browsers without js)
  • If js is enabled, more fancier stuff is possible:
    • The input text field is hidden by display:none and instead the styled tags are shown.
    • The current added tags also get a little x to remove a tag by clicking it. The content of the hidden input text field is updated to reflect the current editing status. (click eventlistener)
    • A generated text input field for typing with autocompletion list shown of matching availbale tags. An unknown tag is added to the list if user is allowed to create tags. Clicking a item in the autocompletion list adds the tag and resets the autocompletion input text field for the next autocompletion action.
    • The tags within the toggle list with all available tags get also a click event listener, so clicking it adds them to the hidden text input.
    • Not sure yet if an added tag should be removed from the all available tags list or just make an CSS indication that a tag is still added, currently I tend to keep the list untouched, just highlight used tags of the task.
  • Optionally make the all available tags sortable by:
    • list_position (default)
    • alphabetic
    • global or project level
    • popularity (count of tasks using a tag (n + unnumbered private)), requires adding a data attribute.
    • group by detected prefix like shape:triangle shape:circle shape:rectangle could show a group of tags as: shape: triangle circle rectangle
  1. Make the list of tags searchable for the advanced search. added with FS1.0-rc10 by just using search key words also for searching list_tags table.
2316Backend/CoreBug ReportLow"wrongtoken" is displayed if the comment box is left si...Assigned
0%
peterdd7122.11.201629.07.2019 Task Description

I understand this is likely due to some sort of XSS CSRF protection, but the delay doesn’t appear to be long enough to be useful for a lengthy comment to be posted. I’ve now lost two detailed comments in our tracker because the software threw everything out and generated a meaningless error.

Further, attempting to do the normal thing and making the browser resubmit the page results in Flyspray throwing “Error #3” something something repeated action and causing a redirect to the homepage.

Surely there has to be a better way to handle this that doesn’t incur data loss?

2598User InterfaceBug ReportLowuser registration in admin area: "username taken" but t...Assigned
0%
peterdd1.0-rc10320.03.202027.03.2020 Task Description

Trying to add a new user having the same email address as an another user in the do=admin&area=newuser section results in

“That username is already taken. You will need to choose another one.”

instead of

“Email address has already been taken”

(I’ve stumbled on this issue because I have an older disabled user with the same email address)

1965Public RelationsBug ReportHighPR fixes for FS 1.0 on external sitesNew
0%
1.1 devel111.03.201524.07.2015 Task Description

Summary of TODO I found on the net:

  • There is a very old project site of flyspray on sf.net . The info there should be updated or removed.
1960Backend/CoreBug ReportMediumforeign key relations between versions and tasksNew
0%
209.03.201513.08.2015 Task Description

It seem that when deleting a version entry in a project, that tasks that have this version assigned are still connected to this deleted version. For example FS#1222 (on 2015-03-09).

There are several options to solve such things:

  • Deny deletion of version as long as tasks assigned to this project version.
    • Either by doing a testing SQL query to check this case coded in PHP. Take care to keep this centralized, must also be respected by an eventually later added Flyspray API (XMLRPC or whatever).
    • add SQL foreign key constraints with ON DELETE RESTRICT
      • Pro: some business logic can be directly enforced by SQL.
      • Cons: higher requirements for hosting, if using mysql innodb tables must be available on the hosting
  • Move the tasks of this version to a default fallback version before deleting the version tag.
    • Either doing one transaction doing : 1. move the tasks to its fallback version, 2. delete the version
    • add SQL foreing key constraint with ON DELETE SET $fallbackversionid. Some pros & cons like on the the denying option.

The same for other assignments for tasks.

This issue is similiar to the massop issue: (https://github.com/Flyspray/flyspray/issues/130)

1991User InterfaceFeature RequestMediumAbillity to drill into progress graph from toplevel vie...New
0%
17.04.201524.04.2015 Task Description

From the overview view for a project the progress charts should be large and show dates so can have a better sense for absolute progress and then when click it should see it full size going back to start of project and showing dates.

1999XMPP/JabberFeature RequestMediumjabber xmpp configurationNew
0%
8122.06.201511.02.2017 Task Description

There should be some help at the configuration sections for setting up jabber/xmpp notifications.

How someone can test it?

Must the admin setup his own jabber/xmpp server or are there recommended servers?

I registered with psi+ instant messager as peterdd@ubuntu-jabber.de at ubuntu-jabber.de for testing
and configured it here in my account too, but got no jabber messages.

Email notifications works and I set up both sending.

2012Backend/CoreFeature RequestMediumManaging TagsNew
60%
1.1 devel418.07.201512.11.2015 Task Description

Tags can only be added on the "new task" page, not managed on the "edit task"-page.

2016User InterfaceTODOMediumheading and h1, h2, h3New
0%
1.1 devel23.07.201523.07.2015 Task Description

We should change the document logic a bit here. For public projects search engines like well structured pages more then others. And we get a consistent structure too in future for Flyspray.

This I have in mind

Project area name ("All Projects" or "Project name")

  • Currently: h1-tag
  • My wish: not a h1-tag anymore here

Admin setting / Project setting pages, title of the sub pages

  • Currently: h3-tag!
  • My wish: h1 tag

Section names in these pages

  • Currently: h4-tags
  • My wish: h2 tags, subsubs then h3,...

Task view page

Task name=summary

  • Currently: h2 tag
  • My wish: h1 tag

Task descriptions then can use structuring their task description starting as h2,h3,h4 (done by dokuwiki renderer for example)

Toplevel project overview /dashboard

  • Currently: h2 for each project name
  • My wish:
  • * keep h2 for each project name
  • * h1 for the page heading (maybe hidden by css)

New Task page

  • Currently: h2 for summary and tags. Wrong logical nesting!
  • My wish: drop the h2 for form field labels

Reports page

  • Currently: h3 tag
  • My wish: h1 tag

Roadmap page

  • Currently: h3 tag for each milestone
  • My wish:
  • * h2 tag for each milestone,
  • * h1 tag for heading (maybe hidden by css)

MyProfile page

  • Currently: h3 tag for each section
  • My wish:
  • * h2 tag for each section
  • *h1 tag for heading (maybe hidden by css)

(Sure the theme.css must be adapted to this change.)

2020XMPP/JabberFeature RequestMediumFunction to test jabber/xmpp configuration New
0%
1.1 devel1131.07.201519.09.2015 Task Description

The flyspray admin users should be able to test their jabber/xmpp configuration, check if sending jabber notification is working and if not, give useful error messages back, so the user is able to fix the configuration.

2028Text RenderingBug ReportMediumupgrade dokuwiki 'plugin'New
0%
12.08.201520.08.2015 Task Description

I see php deprecation notices with php 5.6+ from the geshi syntax highlighter plugin of dokuwiki plugin sometimes. (seems to be go away on the second view, so probably not seen on cached views)

It can't be found easy with

grep -r preg_replace | grep '/e'

Because the preg_replace modifiers are added dynamic depending on the target programming language. At least in the version we have in flyspray.

2074User InterfaceBug ReportMediumOpening tasks from tasklistNew
0%
1.0318.10.201518.07.2016 Task Description

Removing table on row click made it impossible to open a task’ details if you do not display the task id and summary on the task list, because now those two cells are the only clickable items to open a task, instead of the entire line being the hyperlink

2078User InterfaceBug ReportMediumlayout of requested close on small displaysNew
0%
1.026.10.201529.10.2015 Task Description

currently absolute positioning overlapping deny button and not full visible

Possible better solution:

  • cssbased toggle
  • left:50%; width:300px;margin-left:-150px;margin-top:50px;
2089Backend/CoreBug ReportMediumadding same taskid as subtask or related task should be...New
50%
1.0207.11.201518.11.2016 Task Description

Both is a bit illogical, but both is currently possible! ;-)

1 ←- 1

So when setting the parent task id checked for creating loops is needed:

Loop with 2 tasks: 1 ←- 2 ←- 1

Loop with 3 tasks: 1 ←- 2 ←- 3 ←- 1
Loop with n tasks: 1 ←- ... ←- n < – 1

As I think there are currently no recursive reads that could lead to an endless loop, but should be kept in mind when someone wants to programm rendering a gantt chart.
E.g. by limiting the depth of subtasks for example.

2105Backend/CoreFeature RequestMediumcountermeasures for 'add task anonymous' spamNew
0%
127.02.201627.02.2016 Task Description

Today I got first SPAM on bugtracker.

Question: Is it possible to enable CAPTCHA for anonymus task add?

Question 2: Is it possible to delete SPAM tasks.

2114TranslationsTODOMediumStandardize the priority meaning across flyspray transl...New
0%
207.04.201626.03.2018 Task Description

Standardize the priority meaning across flyspray translations.

Idea:

0 - priority unset (database field default value)

1 - defer (or very low priority, often results the task is defered, see “Eisenhower principle”)
2 - low
3 - normal
4 - high
5 - very high

6 - flash (house burns, catastrophic event, website down, “boss” decision)

Some other software (other task planers/ email programs) use a 1-5 step priority. So an export feature to other software may merge priority 6 to priority 5 for such software.

In 2012 meaning was changed only in english translation.

Before normal was priority 2 in a 1-6 range, after it is priority 4 in a 1-6 range.
It should be IMHO 3 in that 1-6 range.

2322User InterfaceFeature RequestMediumMention SystemNew
10%
7107.12.201619.10.2019 Task Description

Hello together,

it would be nice, if you could mention user in your ticket or comment which are not following the task.
for example when i will type @nickname, the user “nickname” should be get a e-mail that he is mentioned in the ticket.

(if we are “fancy” then we can print a automcomplete after the @-sign ist typed)

2332Backend/CoreBug ReportMediumCSV export filename filteringNew
0%
224.01.201724.01.2017 Task Description

The filename for the csv export is build based on project name and current date.

Due different handling of web browsers, the appropriate http header should send the filename in ascii and also provide them as utf-8 for web browsers who can handle that.

Related RFC5987

2441Backend/CoreBug ReportMediumrefactor dokuwiki image tagsNew
0%
15.09.201715.09.2017 Task Description
I’ve tried inserting an image in the intro message but it doesn’t show. Is there something broken in the formattext.inc file? Seems unlikley because it’s so old but can’t work out why nothing shows.
Alan

I had to disable some parts last year within dokuwiki quickly due sever reported security issues in that area.

As tradeoff embedding images currently don’t work within dokuwiki textareas in Flyspray.

As I too wish that feature reappear working for my projects, this is on my personal list. But requires focused free time because must be made secure.

Maybe instead of using fetch.php of dokuwiki, we can use Flypsray’s ?getfile=id , which also checks permissions.
But must check also securly file types and maybe resize images to fit into the desired page (thumbnails).

2453Backend/CoreBug ReportMediumvalidate category before storing a new taskNew
0%
1.014.12.201714.12.2017 Task Description

Currently the category_id is not checked if the value is legal for the project when a new task is created.

  • must be unsigned int
  • must be an active category_id of the project or global category.
  • setting a category_id must be allowed - see project settings.

If invalid category_id is sent, deny creating task and show error message and show filled form again.

If no category_id is sent (or empty string) and category select is enabled:

  • either choose a default category

or

  • implement feature request FS#2451 and show that user should select a category.
2536Backend/CoreFeature RequestMediumstore session in Flyspray databaseNew
0%
221.01.201915.03.2019 Task Description

Currently the sessions are stored by the webservers default settings.

Having this sessions under control by Flyspray by storing it in the database has following advantages:

  1. Allows handling of all sessions of a user by Flyspray.
  2. Providing a session management for each user. The user can see on which devices he is currently logged in and could also force a logout on selective devices.
  3. A forced logoff of all or some user sessions is easy implementable for admins.
  4. Statistics about how many users and who is logged in. (user status: hide always, online, offline, do not disturb, ..)
  5. Could make onpage-notifications easier to implement.
  6. .. ?

Disadvantages:

  1. A potential unknown security bug in Flyspray that could lead to reading a session db table could leak informations like who is currently online/active and make further attacks more focused or makes session takeover easier.
  2. .. ?
2585User InterfaceTODOMediumUpgrade CKEditor to 4.13New
0%
peterdd02.12.201917.02.2020 Task Description

To fix some other open tasks, an update of the CKEditor4 files is probably the best way.

Starting with CKEditor4 ‘Basic’ preset, evaluate every additional Plugin before adding them to the config.

Because the selection of plugins starts with the ‘Basic’ preset, some configs are disabled in the resulting config.sys like the ‘Strike’ button or the Copy/Paste functionality.

I am also evaluating the possibilities to make some of the options configurable within the Flyspray configuration. It is probably required to analyze if a setting applies to only CKEditor syntax or would be also by used for installs using dokuwiki syntax/engine.

I can also imagine enable/disable features based on Flyspray user permissions. (but that requires not only CKEditor config, but also server side changes like HTMLpurifier settings.)

Languages

Just choose all languages available in the CKBuilder.

Probably we need to adjust the CKEditor to use the users Flyspray language settings too. I changed my language to french in a test install but the CKEditor still shows german user interface. (probably detected by browser http request headers)

Compare that the used language abbreviations work together between files in lang/ of Flyspray and that of CKEditors. (Flyspray: lang/pt_br.php vs. CKEditor: js/ckeditor/lang/pt-br.js)

Theme selection

Probably use a CKEditor source maintained Moona-Lisa or Moona as these are easier to modify their color themes like auto light/dark mode browser detection or base colors that match the theme.

Moona Color currently has issues and not maintained by CKEditor guys.

Plugins

The previous contained CKEditor 4.4.7 probably hat the standard preset used.

Following I keep track of plugins we should add to the basic preset. This list is growing/edited until the final config that ships with Flyspray is found.

Mentions

This would enable choosing a user by their username, like @peterdd.

Requires writing an extra php file for retrieving a matching list of users, that respects current user permissions and status of users (like not fetch disabled users).
This extra php file could be also used for the editor textareas with a dokuwiki toolbar.

Auto Grow

This is just a promising usability improvement. No scrollbars needed when writing longer texts.

Turns just typed urls like https://www.flyspray.org into real links (like dokuwiki does it when rendered on page.)

Baloon Toolbar

This just sound like a promising usability improvement. Not tried yet. Only add when there is use case (other plugins usability profit from it) for Flyspray.

Blockquote

Probably required because existing Flyspray installs had it too and citing a comment/text snippet should be also able.

Code Snippet

Probably requires deeper look how secure integrate with server side cleanup (HTMLpurifier).

Format

h1-h6 and other tags. Probably required as previous Flyspray versions used that too. (TODO: What happens to old content with h1-h6 tags when editing with a CKEditor without the Format plugin?)

Also configure it to accept only tags useful for within Flyspray. (see also server side configuration of HTMLPurifier)

Remove Format

Existing Flysprays had this too and probably a good thing when the user can cleanup their word/whateverwhere pasted stuff cleaned before HTMLpurifier does it server side too with maybe surprises to the end user.

Show Blocks

Gives the user some confidence on command if his current editing has the right/intended structure.

Well, that missing is one of the reasons why I hated WYSIWYG or wannabe WYSIWYG editors in the past. Uncertainty by the end user, and pain for the admin/webmaster when he sees the garbage stored in the database (endless spans and other garbage tags partly wrong nested by just pasting from Word documents.)
(little bug in CKEditor 4.13.0: doesn’t expand the area with plugin Auto Grow enabled)

Source Editing Area

Useful for people that can read HTML or are responsible to fix things.

1040User InterfaceFeature RequestLowClose Multiple Tasks at onceNew
30%
1.1 devel5317.08.200601.10.2015 Task Description

We don't close the tasks until the release is "made", that is we let them under "Requires Testing" with 100% complete. When the release/testing cycle is finished, somebody has to go task by task, and start closing them... it's a PITA ;)
It would be nice to have to option to select all the tasks you want to close, and that the "popup" when you enter the reason/etc, applied to all the tasks I selected...

I recall reading something about this in the past, but haven't found it; and if this is implemented, I haven't seen a way to do it in 099beta1

1737JavascriptTODOLowJavascript OverhaulNew
0%
1.1 devel6125.05.201224.02.2016
1792Backend/CoreFeature RequestLowChanges from Deprecated 1.0.0New
0%
2.113.12.201203.03.2013
1798Backend/CoreFeature RequestLowBounty System New
0%
2.0113.12.201206.03.2015
1811Backend/CoreFeature RequestLowGoogle Docs/Dropbox IntegrationNew
0%
2.0417.01.201313.03.2015
1820Backend/CoreFeature RequestLowMerge comments, history, and detailsNew
0%
2.0317.01.201325.05.2016
1924Backend/CoreBug ReportLowBetter errors messages on email errorNew
0%
1.1 devel11.07.201406.03.2015
1958User InterfaceFeature RequestLowPreselect values for event log viewNew
0%
09.03.201509.03.2015
1961User InterfaceFeature RequestLowshow new notifications in flysprayNew
0%
11.03.201511.03.2015
1962Backend/CoreFeature RequestLowSMS notification - sending notifications via sms same a...New
0%
211.03.201502.12.2015
1964DocumentationFeature RequestLowOn page documentationNew
0%
11.03.201511.03.2015
1966User InterfaceFeature RequestLowMy votes on myprofileNew
80%
1.1 devel11.03.201503.11.2015
1967User InterfaceBug ReportLowKeep browser scroll position when sorting task listNew
20%
1.1 devel412.03.201519.09.2015
1969User InterfaceFeature RequestLowsearch form with Advanced search toggle layoutNew
60%
1.1 devel312.03.201519.09.2015
1970User InterfaceFeature RequestLowIcons for predefined task typesNew
20%
1.1 devel112.03.201530.10.2015
1971Backend/CoreFeature RequestLowa field like challenge level or doom levelNew
0%
12.03.201512.03.2015
1972User InterfaceFeature RequestLowAdvanced search form - ideas for faster/better usabilit...New
0%
1.1 devel412.03.201518.03.2019
1982Backend/CoreBug ReportLowdouble entries in assignees listNew
80%
1.1 devel320.03.201511.02.2016
2000User InterfaceFeature RequestLowResponsible persons column viewNew
30%
1.1 devel122.06.201509.09.2015
2002User InterfaceFeature RequestLowshow user role on autocomplete for verificationNew
0%
122.06.201517.10.2019
2004User InterfaceBug ReportLowphp notice on unset params on reports pageNew
0%
1.1 devel218.07.201519.09.2015
2005Backend/CoreFeature RequestLowone account, several authenticationsNew
0%
1.1 devel18.07.201518.07.2015
2007Backend/CoreBug ReportLowtime on project overview activity timelinesNew
0%
18.07.201518.07.2015
2008User InterfaceTODOLowdifference between related tasks and related linksNew
0%
18.07.201518.07.2015
2009User InterfaceFeature RequestLowEdit task flowNew
10%
2.0118.07.201507.08.2016
2010User InterfaceFeature RequestLoweffort tracking widgetNew
0%
2.018.07.201518.07.2015
Showing tasks 101 - 150 of 316 Page 3 of 7

Available keyboard shortcuts

Tasklist

Task Details

Task Editing