Flyspray

This is the Bug Tracking System for the Flyspray project. This is not a demo!

2021-04-23: Flyspray 1.0-rc10 released See https://github.com/Flyspray/flyspray/releases

If you are upgrading from older version, please wait for 1.0-rc11.

2021-11-23: New user registration and password forgotten currently not working on bugs.flyspray.org due email server problems. peterdd

ID Category Task Type Severity Summary Status Progress Assigned To  asc Due In Version Opened Last Edited
2553User InterfaceTODOLowintelligent accesskey shortcut helper dependent of OS, ...New
50%
106.06.201929.07.2019 Task Description

The HTML accesskey attribute feature is differently accessible dependent of operating system, web browser and web browser configuration, and users keyboard layout and user language.

By taking advantage of the User-Agent HTTP header value provided by default by web browsers, Flyspray could better know of what kind of keyboard and browser the user sits in front off and show the key combinations for the accesskey feature that best fits the users environment.

2554User InterfaceTODOLowkeyboard shortcuts help box should adapt to current pag...New
0%
06.06.201906.06.2019 Task Description

The shortcuts help infobox should adapt to the current page type.

So when in editing a task for instance, the n (next task) and p (previous task) shortcuts are not available for a good reason. Listing them there with same priority as other keys then is not helpful.

The simpliest solution is probably putting some if-statements depending on the $do variable into CleanFS/templates/shortcuts.tpl ..

2572User InterfaceTODOLowadd link attributes ugc and nofollow to user generated ...New
0%
13.09.201913.09.2019 Task Description

no task description

2577User InterfaceFeature RequestVery Lowdistinguish between anonymous reporter and deleted userNew
0%
18.10.201918.10.2019 Task Description

When a user is deleted from Flyspray, their opened tasks, closed task and task comments are then shown as Anonymous Submitter, the same way as anonymous reporters (not really anonymous, just that user does not have login account, but usually their email address is stored within that task data).

Currently just the entry from users table are deleted when a user is deleted. Their internal user_id integer is still within tasks and comments fields, and maybe some other tables too. So there is not a ON DELETE SET NULL rule or something like that applied. As it is just an autoincremented number by the system, this is not personal data imho and should be no problem for GDPR, but gives Flyspray the ability to distinguish between anon reporters and deleted users. Well, we could also look if there is an email address within task table entry for notification of anonymous reporter, but there are also tasks possible that have no user_id nor an email address.

It might by useful to present that information differently like deleted user or showing the info differently like icon + title-tooltip with explanation.

Also interesting what happens with mentions of a deleted username in a comment or task description. (see FS#2322)

The user isn’t in database, but deleting that now gone user should not modify tasks or comment where that username was mentioned I think.
But what if another user registers under that now gone username? In that case that new user would inherit that mentions. Probably we can ignore that edge case as there will be not much things will happen with an old mention in old tasks/comments.

2581User InterfaceFeature RequestLowreplace bitmap icons of default themeNew
20%
31.10.201905.04.2021 Task Description

I played with adding a dark mode color theme to the default CleanFS theme.

To make the dark theme just simple exchange some colors, the bitmap icons should be replaced with alternatives.

Easiest would be using the fontawesome font icons as Flyspray still uses them and they can simply get a css color assigned.

Examples

  • caret of tasklist
  • the ‘select all’ icon of tasklist, but also used at some more locations.
  • some icons in the Flyspray main toolbar (Overview, Tasklist, Event log, ..)
  • the black calendar icons for date selects
  • maybe the file type icons for attachments

Editors

  • Dokuwiki toolbar fixed in devel for Flyspray 1.0-rc10
  • CKEditor: some modern CKEditor themes support color/dark mode, I will probably choose the moona-lisa theme as default.
2589User InterfaceBug ReportLowTime zone in user settings is confusingUnconfirmed
0%
228.12.201928.12.2019 Task Description

Hello,

When registering and when later editing users settings it’s possible to specify “Time zone” but the way it’s implemented is confusing. What I see is a drop-down list with GMT[+-]:digit: and this is an odd way to set the timezone for multiple reasons:

1. “GMT” is a word without universally accepted and defined meaning these days, see https://www.ucolick.org/~sla/leapsecs/timescales.html#GMT ;

2. Often time zone specification needs to include the rules when (if ever) to apply DST and what abbreviation is to be used in different cases. See TZ description on https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_03 .

Taking these two points into account I can’t see how to meaningfully use this feature.

TIA for looking into it.

2609User InterfaceFeature RequestLowAdd an Effort Description fieldPlanned
50%
1.0-rc115107.05.202001.04.2022 Task Description

It would be nice to have a description field to put a brief note about the work done for a given effort item. This would help when using effort tracking for the purpose of making invoices to a client.

2610User InterfaceFeature RequestLowEffort pop-up timerNew
20%
207.05.202024.08.2020 Task Description

It would be terrific to have a small pop-up window that appears when you click to start tracking of an item. In the window could be:

  • the task name
  • a timer
  • a button to close the timer pop-up and jump to the effort tracking screen, or even to stop the effort timer in FlySpray if possible.

This would help tremendously to remind a developer that he has one or more timers going in FlySpray.

If multiple timers are started, there could be multiple timer windows, each identified by the task name showing as part of the window (title bar or some text near the timer).

2635User InterfaceFeature RequestMediumimprove usability of add/remove tags to/from tasksPlanned
70%
1.013.04.202123.04.2021 Task Description

Integrate the selectpure javascript to the new task and edit task form.

By default there is a text field where tag names are separated by ‘;’ character.

Selectpure could instead show the tags with their visual layout with a little ‘x’ inside on the right side for removing a tag and autocomplete when typing a tag name to show existing tags from the flyspray_list_tag-table as possible selections.

Instead implemented a CSS and raw javascript solution with a single taghelper.js without any dependancies.

A button beside the tag input text field toggles a list of available tags for the current task, depending on the project and settings.

Still TODO

  • styling of added tags
  • highlight tags that would be removed when the task will be saved.
  • highlight tags that would be added when the task will be saved.
  • highlight tags that are attached to the task in the available taglist.
  • highlight tags that are added to the task in the available taglist.
  • optimize layout for this feature.
1999XMPP/JabberFeature RequestMediumjabber xmpp configurationNew
0%
8122.06.201511.02.2017 Task Description

There should be some help at the configuration sections for setting up jabber/xmpp notifications.

How someone can test it?

Must the admin setup his own jabber/xmpp server or are there recommended servers?

I registered with psi+ instant messager as peterdd@ubuntu-jabber.de at ubuntu-jabber.de for testing
and configured it here in my account too, but got no jabber messages.

Email notifications works and I set up both sending.

2020XMPP/JabberFeature RequestMediumFunction to test jabber/xmpp configuration New
0%
1.1 devel1131.07.201519.09.2015 Task Description

The flyspray admin users should be able to test their jabber/xmpp configuration, check if sending jabber notification is working and if not, give useful error messages back, so the user is able to fix the configuration.

2657EmailBug ReportCriticalcurrently new registration emails are not received by u...Assigned
0%
Floelejudas_iscariote24.11.202124.11.2021 Task Description

Regardless if a gmail.com or other address (tested with my gmail and also other email address)

So this is probably a mail server problem. I try to reach server admin.

I can see my “unfinished registrations” tests in the admin→checks area, but received no emails (waited and checking spam folders too)

2601Public RelationsFeature RequestMediumhttp -> https missing redirection (19-04-09)Assigned
10%
Floelejudas_iscariote321.04.202025.09.2020 Task Description

From: https://groups.google.com/forum/?hl=en#!topic/flyspray/rAnks5y_uLk

19-04-09 // More one year ago.

There are not http → https redirections.

Only one example:
- http://www.flyspray.org/docs/download/ is not redirected to https://www.flyspray.org/docs/download/

Note: It is better to have the main website in https://flyspray.org/.

http://www.flyspray.org/ + https://www.flyspray.org/ + http://www.flyspray.org/ must be redirected to https://flyspray.org/

2063Backend/CoreFeature RequestVery Lowshow closed/open usage count on do=pm&area=XXXNew
10%
peterdd129.09.201525.03.2021 Task Description

Currently on

  • do=pm&area=cat
  • do=pm&area=version
  • do=pm&area=os
  • do=pm&area=resolution
  • do=pm&area=status
  • do=pm&area=tags
  • do=pm&area=tasktype

a count of usage in tasks is shown for every property.

Interesting would be if the counter shows the count for open/closed tasks on each row.

2316Backend/CoreBug ReportLow"wrongtoken" is displayed if the comment box is left si...Assigned
0%
peterdd7122.11.201629.07.2019 Task Description

I understand this is likely due to some sort of XSS CSRF protection, but the delay doesn’t appear to be long enough to be useful for a lengthy comment to be posted. I’ve now lost two detailed comments in our tracker because the software threw everything out and generated a meaningless error.

Further, attempting to do the normal thing and making the browser resubmit the page results in Flyspray throwing “Error #3” something something repeated action and causing a redirect to the homepage.

Surely there has to be a better way to handle this that doesn’t incur data loss?

2559Backend/CoreBug ReportLowa duplicate close accepted even when missing comment/ r...New
0%
peterdd29.07.201929.07.2019 Task Description

Closing a task with selected close reason duplicate should warn when there is no comment or FS # id is given in the close comment text field.

The task is closed as duplicate without any further notice. The information to which task it is duplicate or a description (if the problem is logged/handled outside Flyspray) is lost.

Possible solutions

Frontend hints

  • variant F1 (soft): When duplicate as close reason is selected, a placeholder attribute in the close comment text field could be shown/updated. (maybe as ‘css only’ possible)
  • variant F2 (harder): Deny sending the form if duplicate selected, but comment text field is empty. and shows warning info. (javascript required, nojs browsers still send form.)
  • variant F3 (hard): Deny sending the form if duplicate selected and no task id detected in comment text field. and shows warning info. (javascript required)

Backend deny

  • variant B1 (soft): When request wants close a task with duplicate reason and (cleaned) comment string is empty, deny closing the task and give feedback to user why it was denied.
  • variant B2 (hard): It requires detecting a task id in the comment field and the first detected task id is taken for referencing as ‘is duplicate of’. Limitation of this is that the duplicate could be also a ticket or something of a complete other system.
2573Backend/CoreTODOLowadd rel nofollow,ugc,.. settingsNew
20%
peterdd114.09.201915.09.2019 Task Description
  1. Find a good configuration name just reuse relnofollow as used by dokuwiki
  2. Find a good translation keyword for that config relnofollow
  3. Find a good translation keyword for config description (title attribute)

Goes into prefs table as it is sitewide configuration.

As first implementation a simple checkbox should be ok. Should be on the tab with other spam handling stuff like captcha configuration.

Is enabled by default (1).
Adapt setup xml files, upgrade procedure.


	
2620Backend/CoreTODOMediumPHP8 compatibilityNew
50%
peterdd226.11.202017.08.2021 Task Description

PHP 8.0 is now released (2020-11-26) and Flyspray should be made compatible with it.

  • Replace removed and deprecated functions with alternatives in our source code.
  • Upgrade used libraries or make used libraries compatible:
    • post github issue or pull requests for ADODB
    • upgrade used dokuwiki or make changes in our integration (probably just review our as official dokuwiki project contains too much stuff we do not need and changed much)
    • review used geshi
    • upgrade our swiftmailer version to PHP8 compatible version
    • upgrade our oauth2-client stuff to PHP8 compatible version
  • The @ operator no longer silences fatal errors. Some checks in installer or other areas might not work anymore as expected when the @-operator was used as silencer for previous PHP versions.
2660Backend/CoreBug ReportLowmention an user with "_" does not work: @user_testConfirmed
30%
peterdd1.0-rc11829.10.202208.11.2022 Task Description

@peterdd: It is not possible to tag the user, for example, @user_test.

It is stopped before “_”.

change by @peterdd: quickfix is now in master branch

2668Backend/CoreBug ReportHighCKeditor update (CVEs)Unconfirmed
10%
peterdd1.0-rc11202.11.202208.11.2022 Task Description

It is possible to update CKeditor?

Currently it is 4.16:
- https://github.com/Flyspray/flyspray/blob/master/js/ckeditor/CHANGES.md

Vulnerabilities / CVEs:
- https://www.cvedetails.com/vulnerability-list/vendor_id-12058/Ckeditor.html

There are at this time:
- 4.20: https://github.com/ckeditor/ckeditor4/tags
- 35.2.1: https://github.com/ckeditor/ckeditor5/tags

2669Database QueriesBug ReportLowuser and registrations tables: Illegal mix of collation...New
50%
peterdd1.0-rc11107.11.202208.11.2022 Task Description

The ajax call to check if a username is taken fails currently on https://bugs.flyspray.org when trying to fill the user registration form.
(beside the fact the registration confirmation loop is not working as mail server not correct configured)

Query {
    SELECT count(u.user_name) AS anz_u_user, count(r.user_name) AS anz_r_user
    FROM `flyspray_users` u
    LEFT JOIN `flyspray_registrations` r ON u.user_name = r.user_name
    WHERE LOWER(u.user_name) = ? OR LOWER(r.user_name) = ?}
 failed! (Illegal mix of collations (utf8_general_ci,IMPLICIT) and (utf8_unicode_ci,IMPLICIT) for operation '='

Inconsistency probably due misconfiguration due manual upgrade + manual changes to the database.

Affected: maybe only https://bugs.flyspray.org

I fixed it on bugs.flyspray.org by running SQL commands:

ALTER TABLE flyspray_registrations CONVERT TO CHARACTER SET utf8mb4;

and

ALTER TABLE flyspray_users CONVERT TO CHARACTER SET utf8mb4;

Both now using the servers default collation, so they can be joined again by boths user_name field.

This can be seen as just a quickfix.

Why this happened at all?

I can only speculate about this as I can do some administration only since 2021.

I assume the defaults of mysql tables charsets and collation changed with mysql/mariadb versions and the upgrade scripts does not explicit handle that.

So lets say first it was utf8 and utf8_general_ci,
then utf8 and utf8_unicode_ci
and then utf8mb4 and utf8mb4_unicode_ci.

And when upgrading Flyspray and new tables where created they use the servers new default charset and collation while the older tables and varchar fields keep their old charset and collation which leads to inconsistencies.

And then there where probably manual interventions by admins (from 2003-2021?) who fixed/changed charset/collation on certain tables and fields manually by running SQL commands.

How it should be fixed

The Flyspray install and upgrade scripts and xmlschema03 files should contain information and settings for charset and collation for the table fields and upgrade scripts and should convert wrong charset and collation fields during an upgrade if they are wrong in the database.

Sadly ADOdb’s xmlschema03 lacks configuring and handling yet, so this must be done by the upgrade PHP scripts after running xmlschema03 xml files.

How it will be handled meanwhile

Extending Admin Toolbox→Checks sections to compare the current database with the intended configuration.

So admins can fix tables and field charset and collation where required.

Such inconsistency could be detected by admin checks - tab.

I would like to see that field users.user_name and registrations.user_name just be ascii (in mysql) and only accepts allowed username characters.

2636Installer and UpgraderBug ReportHighFailure to upgrade 1.0-rc9 to 1.0-rc10 (mariadb 10.4.18...Assigned
50%
peterdd1.0-rc11729.04.202123.07.2021 Task Description

I administer a moderate-sized (~14K ticket) 1.0-rc9 instance running on a Fedora 32 host (php 7.4.16, mariadb 10.4.18) Following the upgrade instructions (ie transfer attachments, avatars, flyspray.conf.php) the setup/upgrade tool loads, and prompts me to upgrade.

It churns a while before refreshing the screen, claiming a successful 1.0-rc10 upgrade. However, the upgrade seems to not actually “stick”, because clicking on the “return” button I’m dropped back into the upgrader, which is once again claiming I’m running 1.0-rc9 and prompting me to perform the -rc10 upgrade.

According to Flyspray’s admin ‘checks’ tab:

* PHP 7.4.16
* MariaDB 10.4.18
* default_charset: utf8mb4
* default_collation: utf8mb4_unicode_ci
* All tables are ‘InnoDB’

There are no errors logged that I can find, but the upgrade is clearly not working. If I revert to the -rc9 php files, everything continues along as if nothing was done.

Any suggestions?

2637Installer and UpgraderBug ReportHighFailure to upgrade 1.0-rc9 to 1.0-rc10 (postgresql 12.6...Assigned
50%
peterdd1.0-rc11729.04.202105.05.2021 Task Description

I administer a small personal (<1K ticket) 1.0-rc9 instance running on a Fedora 32 host (php 7.4.16, postgresql 12.6) Following the upgrade instructions (ie transfer attachments, avatars, flyspray.conf.php) the setup/upgrade tool loads, and prompts me to upgrade.

Unfortunately, the upgrade fails spectacularly, with a reported SQL error that belies what’s actually wrong. Here’s a snippet from the postgresql logs where the upgrade is failing:

2021-04-28 10:33:07.190 EDT [2032049] ERROR: column “attachment_id” of relation “flyspray_attachments” already exists
2021-04-28 10:33:07.190 EDT [2032049] STATEMENT: ALTER TABLE flyspray_attachments ADD COLUMN attachment_id SERIAL
2021-04-28 10:33:07.194 EDT [2032049] ERROR: current transaction is aborted, commands ignored until end of transaction block
2021-04-28 10:33:07.194 EDT [2032049] STATEMENT: ALTER TABLE flyspray_attachments ADD COLUMN task_id INTEGER
[…and everything else fails because the transaction aborted…]

It appears that the upgrade script is blindly trying to create columns that already exist in the -rc9 database, and postgresql is treating this as a failure. Because the entire upgrade happens within one transaction, this means the entire upgrade fails at the outset and won’t ever succeed.

The way past this specific problem is to make these ALTER TABLE operations conditional (eg “ALTER TABLE flyspray_attachments ADD COLUMN IF NOT EXISTS task_id INTEGER”).

2639JavascriptBug ReportMediumUnable to "deny" a pending requestResearching
0%
peterdd712.05.202113.06.2021 Task Description

My project has 37 pending requests. Each has a set of Accept / Deny buttons next to it.

If I click on Deny, a textbox pops up for me to enter “Reason for denial” but the entire page immediately regreshes/reloads back to the task list before I have a chance to enter the reason and submit it.

I can always “Accept” the request implicitly by going to the appropriate task and closing/re-opening it, but there’s no way to “deny” something without going through this UI path.

2598User InterfaceBug ReportLowuser registration in admin area: "username taken" but t...Assigned
0%
peterdd1.0320.03.202014.04.2021 Task Description

Trying to add a new user having the same email address as an another user in the do=admin&area=newuser section results in

“That username is already taken. You will need to choose another one.”

instead of

“Email address has already been taken”

(I’ve stumbled on this issue because I have an older disabled user with the same email address)

2625User InterfaceTODOLowavoid password manager popups in admin prefs areaNew
0%
peterdd110.02.202110.02.2021
Showing tasks 301 - 326 of 326 Page 7 of 7

Available keyboard shortcuts

Tasklist

Task Details

Task Editing