Flyspray

So, there would be great option if we can set permission to users to see and post only in specific opened projects in bug tracker.

Idea is, that user has all right to all projects, but in some cases we want that user can see only projects which is allowed and also to publish new tasks to only allowed projects.

In that case tasks overiew is locked and user must be logged in to see opened tasks.

Hey peterdd,

I was wondering: is there a standard URL for “My tasks”? I have an internal website and I would like to create a menu with a few submenus (Add task and My tasks) that link to FlySpray. However if I place the URL for My Tasks (being logged in with my user account), and copy this link to the menu, all others that click the submenu My Tasks, are seeing the tasks that where opened by me or where I am assigned, not that user that is connected on Flyspray with his account on his PC.

So that’s why I am asking for a generic URL of My Tasks, so I can place it on this middle-site?

Thanks

Currently all attached files get renamed (like “screenshot331.png” → “attachments/14_72a4ca580abcdef69f60b1f”) and they could be downloaded only throught the php script (”/index.php?getfile=1234”) which requires that user must be logged in to view the file.
It is not very convenient when you need to show a file to some person who is on mobile phone at the moment or using not a work computer. Also sometimes you might need to share a file with anyone without having them to register at your bug tracker.

I suggest you to add a checkbox like “create a direct link” when uploading a file, which will save the file with original name and extension but adding some random generated prefix (like “screenshot331.png” → “attachments/14_72a4ca580abcdef69f60b1f.screenshot331.png”).

However this poses a high security risk so there should be a list of allowed file extensions (e.g. “jpg,png,txt,pdf,doc,zip”) - only these files could be saved with the original extension. This list should be accessible by the main administrator only, thus the safest option would be storing it inside the “flyspray.conf.php”.

If i set up a custom css in the main FS settings the style doesn’t get applied to all nested projects. I have to set the css to all projects explicitly to get the stylings work on all project pages.
Wouldn’t it be a good idea to first load the css set in the main dialog and after that load an additional css specified in the sub project? Then it would be possible to specify general stylings for all projects and project based stylings also.

You cannot select the fields for export to csv. This means that the commentfield (edit: you mean task description, right?) is always exported too. As this commentfield task description (?) could contain quotes, comma’s etc (like people inserting copies of emails on an issue) it corrupts the output file and the file cannot be read by excel.

Correct or wrong code return false!

The results of Securimage Test Script on my server

This script will test your PHP installation to see if Securimage will run on your server.

Session Functionality: Yes!
GD Support: Yes!
GD Version: bundled (2.1.0 compatible)
imageftbbox function: Yes!
TTF Support (FreeType): Yes!
JPEG Support: Yes!
PNG Support: Yes!
GIF Read Support: Yes!
GIF Create Support: Yes!
SQLite Support: Yes!
SQLite is available. If you choose to use it, Securimage can support users who do not accept cookies.
MySQL Support: Yes!
MySQL is available. If you choose to use it, Securimage can support users who do not accept cookies by storing codes in MySQL.
PostgreSQL Support: No
No PostgreSQL support.
LAME MP3 Support: No
LAME was not found, audio will work in WAV format, but not MP3. See Securimage HTML5 audio documentation for info.
Your server meets the requirements for using Securimage!

on modify.inc.php line:754 got

if( !Post::isAlnum('captcha_code') || !$image->check(Post::val('captcha_code'))) {

if( true == false || false == false ) {

Edit 2021-03-15: Only effects Flyspray source releases on Windows where running composer is required. Releases with included dependencies are not effected!

if a pdf is attached with commentit needs either be forced as download or open target _blank

I can’t see an option to set the default view after login. It always defaults to tasklist view when it would be useful to show the overview by default on login.

The filename for the csv export is build based on project name and current date.

Due different handling of web browsers, the appropriate http header should send the filename in ascii and also provide them as utf-8 for web browsers who can handle that.

Related RFC5987

Pretty minor, but seems to show up regularly enough in our logs. The line in question:

$outfile = str_replace(' ', '_', $tasks[0]['project_title']).'_'.date("Y-m-d").'.csv';

Adding key support for each project instead of using the prefix FS#<task_id>

Let the administrator choose the key for project.

What’s a project key?
It prefixes each task in the project

We have some private Tasks in our FS-bugtracker to hide them from normal reporters. But we also have some external beta-testers in a betatesters-group and they should be able to see (and check) the private tasks without giving them a project manager status. So it would be good, if there is a switch in the group option to give specific groups the right to see private tasks.

...
symfony/event-dispatcher suggests installing symfony/dependency-injection ()
symfony/event-dispatcher suggests installing symfony/http-kernel ()
guzzle/guzzle suggests installing guzzlehttp/guzzle (Guzzle 5 has moved to a new package name. The package you have installed, Guzzle 3, is deprecated.)
Package guzzle/guzzle is abandoned, you should avoid using it. Use guzzlehttp/guzzle instead.

I understand this is likely due to some sort of XSS CSRF protection, but the delay doesn’t appear to be long enough to be useful for a lengthy comment to be posted. I’ve now lost two detailed comments in our tracker because the software threw everything out and generated a meaningless error.

Further, attempting to do the normal thing and making the browser resubmit the page results in Flyspray throwing “Error #3” something something repeated action and causing a redirect to the homepage.

Surely there has to be a better way to handle this that doesn’t incur data loss?

When filing a task, it’s possible to submit the task without any information at all being added to the main body of the ticket. This leads to reports that are of no value because the user can simply add some vague title, hit submit, and then wonder why nothing happens other than someone closing it later as invalid.

The main body of the ticket should be considered a required field and should throw an error if nothing is in the box.

Since we have a lot of tasks pending, our team leader wants a specific status (let’s say: Waiting for dispatch) to be marked with a green background in tasklist.
Can you please help me to make this mod?

Thanks in advance.

Hello again,

I was wondering (again ) if the following scenario is possible for this bug tracking solution:

Our company uses this bug tracker mainly for helpdesk issues. However, our main users (except IT department) don’t seem to easily understand how to change the status of a ticket, they aren’t interested in doing that also.

So I would like to know if there is a way that we can develop some automatisation in changing the status automatically after customer replies to a message.

Let’s see the following scenario:

1. user A posts a new task
2. user B assigns himself (or other) to that specific task - the status automatically is changed to Assigned
3. user B replies to task by adding a comment - as a result of adding the new comment the task status should change automatically to Waiting for customer - without the need that user B to change the status
4. user A checks the comment from user B and decides to comment back to him. After pressing the Add comment button, the status should change automatically to Waiting for assignee

If the task is needed to have another status, the users can change them manually, but the automated part should be the waiting for customer and assignee.

On a basic algorithm it shouldn’t be hard (if user is logged in and is task owner, then after comment, task detail - status changing to id 4-5 from task-statuses table on mysql; if user is logged in and assigned to task, after adding comment change status 4-5 from task-statuses table).

I saw this thing on an otrs platform and it is quite ok for a simple user like ours.

Is there any way that we can personalise the flyspray in this way?

If yes, please give us an elaborate answer with what I should do for this to work.

Thanks in advance.

Hi,
Where i can change severity and priority by default?
I want change severity to “Medium” by default for group Basic
I cant find this option in the Flyspray settings.

When a anonymous user tries to display a ticket of a non public project (for example by entering a random ticket id), Flyspray exposes the title of the non public project in the header bar.

Edit by peterdd: also applies to project description

In Admins Toolbox (Project preferences) i choose language de. The file exists in folder lang. But only english is shown. the same for french and so on. No really changes.

Flyspray does not recover the time set in php.ini. On display, the system has two hour delay.

Problem: By replacing just the project_id of the closed task it is possible the task then has invalid field values within the target project.

Possible scenarios:

1. Ignore invalid values within the target project
   • Pro: Easy to do, an immidiatly revert back to the old project would “heal” the task properties.
   • Contra: may effect accuracy and reliability of other parts like searching, listing, statistic calculations
2. Silent change task field values to valid field values of the target project if necessary
   • Pro: relative easy to do
   • Contra: a bit loss of information, little side effects
3. allow user to modify the fields that must be changed so that every field of the task has valid values within the target project
   • Pro: accuracy
   • Contra: a bit loss of information(fallback to default values) if there are no similiar field values selectable within the project
4. allow user to modify the fields, fields or field select values that do not exists in target project will be automatically created.
   • Pro: accuracy
   • Contra: target project may be cluttered with too many fields/field values
5. ???

Flyspray should show a warning, and maybe set the focus back to the field (only when it is a this-one-field-only-form.)

If a task creator requested closure, and someone (developer) closes the task explicitly, the PM request cannot be later ‘accepted’ and the PM request remains in the queue.

Workaround - Deny request and queue item is removed OK.

It looks like the PM request button invoked details.close which returns early if task is already closed.

I run flyspray behind a reverse proxy with the front end url being https and with the actual back end server not being on a standard port and not using https.

Setting force_baseurl seems to sort most areas with flyspray’s url generation using that instead of picking up from $_SERVER, however post-authentication redirection does not do that it just processes redirect_to as is (which in my case means it picks up the protocol, name and port for the back end server rather than what’s set in force_baseurl).

./themes/CleanFS/templates/loginbox.tpl puts out $_SERVER[’REQUEST_URI‘] into a hidden redirect_to input field - on my setup on the front page that’s e.g. “/” or for a ticket url it would be “/index.php?do=details&task_id=999” so no protocol or hostname.

scripts/authenticate.php picks up that redirect_to value and just passes it to Flyspray::Redirect, which in turn calls FlySpray::absoluteURI on what it’s passed, and FlySpray::absoluteURI doesn’t use $baseurl to qualify the url.

Not sure what the best fix is - my suggestion would be that Redirect detects urls that aren’t fully qualified and adds the $baseurl on to the front of them, rather than calling absoluteURI (absoluteURI is used to set $baseurl if force_baseurl is unset, so that’s not appropriate to modify). Alternatively scripts/authenticate.php could check redirect_to and add $baseurl if needed.