Flyspray - The bug killer!

This is the Bug Tracking System for the Flyspray project. This is not a demo!

2021-03-15: The next release is planned for the end of March 2021.

2019-04-22: Flyspray 1.0-rc9 released See https://github.com/Flyspray/flyspray/releases

ID Category  asc Task Type Severity Summary Status Progress Assigned To Due In Version Opened Last Edited
2201APIBug ReportHighI got Fatal Error on the Github OAuthUnconfirmed
0%
1.0107.09.201609.09.2016 Task Description
Fatal error: Class 'League\OAuth2\Client\Provider\Github' not found in /html/bugs/includes/GithubProvider.php on line 11

I have downloaded this:
Precompiled with 3rd party libs for PHP5.6: flyspray-1.0-rc1_php56.tgz
and the file seems really dont exist.

2112APIBug ReportMediumAssigned tickets aren't editable for lower privileged u...Unconfirmed
0%
231.03.201611.04.2016 Task Description

An assigned ticket can't be edited by a lower privileged user.

Steps to reproduce:

  • One Project, Two Users. User A is Admin, User B is Basic
  • A creates a Task.
  • A take ownership of the Task. (it’s important to do this AFTER saving the task. You cannot assign User A if you are A in this moment. Maybe another Bug...!?)
  • Now B is allowed to take ownershop too. B click now “Add me to assignees”.
  • Now B can edit the task.
  • If B click “save”, the task can’t be saved, because some fields haven’t the correct values (esp: state is now “unconfirmed”). Many error messages said, that unexpected values exist

Some weird moments:

  • Why can B edit a task? He have no rights to edit tasks...
  • If B are Basic and have “edit own Task”-Right too, this bug also exist.
1987APIFeature RequestMediumREST API to get metrics from flyspray projectsUnconfirmed
0%
229.03.201506.10.2015 Task Description

I need metrics for flyspray projects about a rest api. For example the count of issues for status, priority. I want use this values for my code analysis system http://www.sonarqube.org/ and other internal tools. It is possible to create a rest api with user authorization and only for metrics data?

2551AuthenticationInformationLowLDAP/AD integrationUnconfirmed
0%
315.05.201904.09.2019 Task Description

Hi

Please advise if there are known issues when integrating Flyspray with Active Directory using LDAP.

2209AuthenticationFeature RequestMediumTLS support for LDAPUnconfirmed
0%
109.10.201604.09.2019 Task Description

It would be helpful to have communication with LDAP via TLS

2107AuthenticationFeature RequestLowSupport CAS Server AuthenticateUnconfirmed
0%
202.03.201604.09.2019 Task Description

Please support Central Authentication Service, thank you.

1487AuthenticationFeature RequestLowLDAP(Active Directory) AuthenticationPlanned
40%
1.1 devel101121.05.200804.09.2019 Task Description

I have done a very quick bit of work to bring ldap (through active directory) authentication to flyspray for our implementation in the office. I hope it will be of use to others. There is a readme.txt inside talking through the process and the patch to apply. My plan is to expand on this and make it part of the setup process but this will take a bit longer.

2629Backend/CoreBug ReportLowactivating history tab sends same request 2 timesNew
0%
11.03.202111.03.2021 Task Description

There should be only one request to

js/callbacks/gethistory.php when activating the History tab

The request is made:

  • on mousedown event
  • on click event

So holding down the tab sends the first request and releasing sends the second request.

2627Backend/CoreBug ReportLowcheckLogin: Trying to access array offset on value of t...Unconfirmed
0%
509.03.202111.03.2021 Task Description

FS version: 1.0-rc9
PHP version: 7.4.15
database: mysql
php.ini: error_reporting = E_ALL | E_STRICT

Steps done to create the problem:
- Login as Admin or User, with name “Admin”, not with email.

Experienced behavior:
PHP Notice: Trying to access array offset on value of type bool in …/flyspray-1.0-rc9/includes/class.flyspray.php on line 812

A possible fix is attached as patch.

Think, it is this line in currend code:
https://github.com/Flyspray/flyspray/blob/5b0a3d80fc9612ca8e8743450fbf2c8243b5bf47/includes/class.flyspray.php#L836

2626Backend/CoreBug ReportCriticalCreate a new build, last stable is 0.9.9.7 (2012-05-28)...Unconfirmed
0%
427.02.202111.03.2021 Task Description

The last build is very old, it is possible to create a new build?
- The last RC: 2 years soon
- The last stable: 9 years soon

GitHub Releases section:
- https://github.com/Flyspray/flyspray/releases

Latest release
v1.0-rc9
136c339

Flyspray 1.0-rc9

@peterdd peterdd released this Apr 22, 2019

Stable: http://www.flyspray.org/docs/download/

Flyspray 0.9.9.7 - 28 May 2012
2621Backend/CoreBug ReportMediumphp notice/warning when reopening in some circumstancesNew
0%
peterdd1.0-rc1027.11.202014.04.2021 Task Description

Reopening a task triggers a PHP notice with PHP7.4 under some circumstances.
Reopening a task triggers a PHP warning with PHP8.0 under some circumstances.

Reproduce:

  1. Create task
  2. Close task directly without setting a completion percentage
  3. Reopen the task
Notice: Trying to access array offset on value of type bool in /***/includes/modify.inc.php on line 684
Notice: Trying to access array offset on value of type bool in /***/includes/modify.inc.php on line 686
Notice: Trying to access array offset on value of type bool in /***/includes/modify.inc.php on line 686
2620Backend/CoreTODOMediumPHP8 compatibilityNew
20%
peterdd226.11.202011.03.2021 Task Description

PHP 8.0 is now released (2020-11-26) and Flyspray should be made compatible with it.

  • Replace removed and deprecated functions with alternatives in our source code.
  • Upgrade used libraries or make used libraries compatible:
    • post github issue or pull requests for ADODB
    • upgrade used dokuwiki or make changes in our integration (probably just review our as official dokuwiki project contains too much stuff we do not need and changed much)
    • review used geshi
    • upgrade our swiftmailer version to PHP8 compatible version
    • upgrade our oauth2-client stuff to PHP8 compatible version
2617Backend/CoreFeature RequestLowPreview button not at the good placeMaybe
0%
226.09.202026.09.2020 Task Description

The “Preview” button is not at the good place.

The “Preview” must to be near “Add this task” with same background button color.

Thanks in advance.

2603Backend/CoreBug ReportVery Low Psi XMPP client (19-04-09)Waiting on Customer
0%
221.04.202025.09.2020 Task Description

From: https://groups.google.com/forum/?hl=en#!topic/flyspray/jC5BBQ1XiQo

19-04-09 // More one year ago.

On https://www.flyspray.org/ On https://www.flyspray.org/devel/team/

Replace :
- https://www.psi-im.org/https://psi-im.org/

→ Remove the WWW.

2600Backend/CoreInformationLowError #17 when selecting a projectUnconfirmed
0%
31.03.202031.03.2020 Task Description

When I am at the global projects page at index.php?do=admin&area=editallusers and now select a project from the dropdown menu at the top right, I get an error

FEHLER #17: Ungültiger Projektmanager-Bereich!

(according to the the translation area this is key 813: error17 Invalid PM area.)

If I select the project again, the projects start page will be shown correctly.

2599Backend/CoreInformationLowadd post request on new task creationUnconfirmed
0%
30.03.202012.04.2021 Task Description

I’m currently using flyspray 0.9.9.7

I want to make a little integration of our flyspray installation into slack.
I want make a POST request when a “new task is created”

Any experiment guy can help here ?
1. Where is the best place to achieve this quickly as “hack hardcode” 2. Im not php developer, is there any php lib in flyspray todo quick POST request without installing any additional lib.

2588Backend/CoreBug ReportLowps_files_cleanup_dir: opendir(/tmp/.priv) failed: Permi...Unconfirmed
0%
218.12.201905.02.2021 Task Description

Sometimes comes this message with a lot of backtrace log.
If you are reporting a bug please provide as much information as possible to help understand and reproduce the problem:

Did you installed an official release or did you used an inoffical docker?!
Official download flyspray-1.0-rc9

mysqlnd 5.0.12-dev
Linux 64bit
PHP Version 7.2.25

Steps done to create the problem:
Wait some weeke and edit a ID.

Experienced behavior:

[18-Dec-2019 13:19:41 Europe/Berlin] PHP Notice:  session_start(): ps_files_cleanup_dir: opendir(/tmp/.priv) failed: Permission denied (13) in /var/foo/htdocs/flyspray/includes/class.flyspray.php on line 1006
[18-Dec-2019 13:19:41 Europe/Berlin] PHP Warning:  session_start(): Cannot send session cache limiter - headers already sent (output started at/var/foo/htdocs/flyspray/includes/class.flyspray.php:1006) in /var/foo/htdocs/flyspray/includes/class.flyspray.php on line 1006
[18-Dec-2019 12:19:41 UTC] PHP Warning:  Cannot modify header information - headers already sent by (output started at /var/foo/htdocs/flyspray/includes/class.flyspray.php:1006) in /var/foo/htdocs/flyspray/index.php on line 96
[18-Dec-2019 12:19:41 UTC] PHP Warning:  Cannot modify header information - headers already sent by (output started at /var/foo/htdocs/flyspray/includes/class.flyspray.php:1006) in /var/foo/htdocs/flyspray/index.php on line 97
[18-Dec-2019 12:19:41 UTC] PHP Warning:  Cannot modify header information - headers already sent by (output started at /var/foo/htdocs/flyspray/includes/class.flyspray.php:1006) in /var/foo/htdocs/flyspray/includes/class.csp.php on line 76
[18-Dec-2019 12:19:41 UTC] PHP Warning:  Cannot modify header information - headers already sent by (output started at /var/foo/htdocs/flyspray/includes/class.flyspray.php:1006) in /var/foo/htdocs/flyspray/includes/class.csp.php on line 80
[18-Dec-2019 12:19:41 UTC] PHP Warning:  Cannot modify header information - headers already sent by (output started at /var/foo/htdocs/flyspray/includes/class.flyspray.php:1006) in /var/foo/htdocs/flyspray/includes/class.csp.php on line 82
2587Backend/CoreTODOMediumdisplay_errors=1 should not set in release candidateUnconfirmed
0%
18.12.201918.12.2019 Task Description

display_errors = 1 should not set in include/fix.inc.php for releases or releases candidate, because with this it is not possibele to disable the error reporting globaly.

The problem is, if I want to enable full error reporting to logfile via “error_log=…” in php.ini, then the error will also full reported to user. Full error reporting is a hig risk for security.

Did you installed an official release or did you used an inoffical docker?!
flyspray-1.0-rc9

Steps done to create the problem:
Create a file php.in in base directory with follow contens:
error_reporting = E_ALL | E_STRICT
log_errors = On
display_errors = Off
error_log = /var/log/php-flyspray-errors.log

Expected behavior:
Errors only to log file

Experienced behavior:
All errors goes also to user.
The option “display_errors = Off” has no effect.

2586Backend/CoreTODOLowPHP7.4New
80%
peterdd1.0-rc10312.12.201913.04.2021 Task Description

PHP 7.4 is out now and a few things should be done to make Flyspray work well with it.
Nothing really breaks, but a view deprecation warnings should be fixed.

Flyspray source itself: Just a few new notices, most are yet fixed in the master branch.

Watching the PHP7.4 compatibility of dependencies defined by composer.json:

  • ADOdb/ADODb: 5.21 for PHP 8 done
  • swiftmailer/swiftmailer: We still use 5.* branch, so either do quickfix for a notice in a fork or upgrade/rewrite our integration to the 6.* branch. 6.* is PHP7+, so stay with 5.* branch for now. If Swiftmailer does not fulfill requirements, consider switching to PHPMailer for FS1.1+
  • ezyang/htmlpurifier: 4.13 OK
  • thephpleague/oauth2-client: unknown, we still use 0.13, last real source change was Nov 2018, to upgrade requires rewrite of integration into Flyspray and there is low demand for OAuth2.
  • dapphp/securimage: seems to be OK, but not maintained anymore (we could patch it if there occur problems in future)
  • jamiebicknell/sparkline: OK, but probably obsolete for us in future due
    • still annoying problems with our github/travis tests (problem of travis, not sparkline itself)
    • better solution (interactive hover infos, scales, screen size adaptive) by Flyspray source planned
2582Backend/CoreInformationLowHow to reach internal windows share (was: Internal URL)Unconfirmed
0%
304.11.201905.11.2019 Task Description

I have installed flyspray on an internal server and have problems with the renaming of internal links.

For example:
I want to put this link in the comment section.
\\192.168.200.5\Folder\example.docx

it shows the link correct,
but when you hover over the link it shows:
file://192.168.200.5/Folder/example.docx

And on clicking on it, of course I can´t access the file, because it´s trying to open an external link.
I dont want it to be renamed from ‘\’ to ‘/’.

Can somebody help me please.

I tryed to find it in the sourcecodes, but I have almost no experience in PHP.

Thank you!

2575Backend/CoreFeature RequestLowability to view and reset Flyspray default settingsNew
0%
19.09.201919.09.2019 Task Description

Motivation

Over the years the count of possible Flyspray configuration options has grown. Meanwhile there are ~60 global Flyspray settings stored in the prefs database table in contrast to only 14 entries of the 0.9.7 (not 0.9.9.7!) version from around 2005. But each configuration setting might add a little to the feeling of overwhelming when there are too much switches, buttons, checkboxes and probability of a misconfiguration raises due misunderstood or overseen settings.

But Flyspray still aims to be easy to use and work with while being accurate and customizable.

Proposal

Having a way to view the description and default value of each option would probably give people administrating a Flyspray installation a better understanding of each setting and confidence in making good decisions for their use case.

With the flyspray-install.xml file within the setup folder we yet have an elegant solution that is waiting to unlock its power!

Unfortunately the setup/ folder requires (until now at least) to be removed after install or upgrade. So we need a way to keep the flyspray-install.xml of the installed version. A trivial way would be to copy it to the include/ directory after any install or upgrade, but also other solutions could be.

Keeping the flyspray-install.xml could making following features easier:

  • Reading default value of prefs setting. That could be shown for example as css title attribute /tooltip for each setting in the matching admin forms.
  • Reading default value and field description of any table field using the descr feature of ADOdb xmlschema03.
  • Comparing the real database structure with the table structures in flyspray-install.xml . This could be useful if someone extended or fiddled with database/tables to compare with official Flyspray releases. Or for developers to compare if an database upgrade went well and as intended.
  • Having the description of a setting or database field contained within the flyspray-install.xml is good at one place and the information is not spread around like in an external manual/wiki that maybe get unmaintained, not in sync with the application or get even lost over the years.
  • Using the xml format makes a migration easier (in a broader context, to Flyspray or away from Flyspray)
  • Using the descr tag could be used to hold information which field(s) of a database table is/are foreign key field(s) pointing to primary key field(s) of another table, even if ADODB xmlschema03 does not support it yet. Would generating database schema diagram directly from flyspray-install.xml possible. (instead of manually painting it that gets outdated when structure changes)

Things to take care:

  • ADOdb and xmlschema03 does not handle table comments and field comments yet. The descr tag so is there only used when looking into the .xml file, but it does not appear in the real database schema. To make this happen, there is a good portion of contribution to the ADOdB project required (making pull request, but also get them reviewed, tested, accepted and released with a ADOdb stable release)
  • ADOdb xmlschema03 does not define or handle foreign key constraints. Adding that would require a substantial amount of constribution to get it working reliable for all supported databases that could use foreign key constraints.
  • limits of table comment length, field comment length depend on database type and database version
2573Backend/CoreTODOLowadd rel nofollow,ugc,.. settingsNew
20%
peterdd114.09.201915.09.2019 Task Description
  1. Find a good configuration name just reuse relnofollow as used by dokuwiki
  2. Find a good translation keyword for that config relnofollow
  3. Find a good translation keyword for config description (title attribute)

Goes into prefs table as it is sitewide configuration.

As first implementation a simple checkbox should be ok. Should be on the tab with other spam handling stuff like captcha configuration.

Is enabled by default (1).
Adapt setup xml files, upgrade procedure.


	
2561Backend/CoreFeature RequestMediumability to limit assignee permissions (was:User without...Confirmed
0%
705.08.201908.08.2019 Task Description

I gave a role the following privileges:

  • view own tasks
  • modify own tasks
  • view comments
  • add comments

A user with the assigned role can still modify the task descriptions and task details. (I want that user to only be able to add comments.)
I think there is a bug.
Is there a fix or walk around?
Thx

2559Backend/CoreBug ReportLowa duplicate close accepted even when missing comment/ r...New
0%
peterdd29.07.201929.07.2019 Task Description

Closing a task with selected close reason duplicate should warn when there is no comment or FS # id is given in the close comment text field.

The task is closed as duplicate without any further notice. The information to which task it is duplicate or a description (if the problem is logged/handled outside Flyspray) is lost.

Possible solutions

Frontend hints

  • variant F1 (soft): When duplicate as close reason is selected, a placeholder attribute in the close comment text field could be shown/updated. (maybe as ‘css only’ possible)
  • variant F2 (harder): Deny sending the form if duplicate selected, but comment text field is empty. and shows warning info. (javascript required, nojs browsers still send form.)
  • variant F3 (hard): Deny sending the form if duplicate selected and no task id detected in comment text field. and shows warning info. (javascript required)

Backend deny

  • variant B1 (soft): When request wants close a task with duplicate reason and (cleaned) comment string is empty, deny closing the task and give feedback to user why it was denied.
  • variant B2 (hard): It requires detecting a task id in the comment field and the first detected task id is taken for referencing as ‘is duplicate of’. Limitation of this is that the duplicate could be also a ticket or something of a complete other system.
2536Backend/CoreFeature RequestMediumstore session in Flyspray databaseNew
0%
221.01.201915.03.2019 Task Description

Currently the sessions are stored by the webservers default settings.

Having this sessions under control by Flyspray by storing it in the database has following advantages:

  1. Allows handling of all sessions of a user by Flyspray.
  2. Providing a session management for each user. The user can see on which devices he is currently logged in and could also force a logout on selective devices.
  3. A forced logoff of all or some user sessions is easy implementable for admins.
  4. Statistics about how many users and who is logged in. (user status: hide always, online, offline, do not disturb, ..)
  5. Could make onpage-notifications easier to implement.
  6. .. ?

Disadvantages:

  1. A potential unknown security bug in Flyspray that could lead to reading a session db table could leak informations like who is currently online/active and make further attacks more focused or makes session takeover easier.
  2. .. ?
2535Backend/CoreFeature RequestLownew optional Flyspray setting: add new users automatica...New
0%
216.01.201921.01.2019
2534Backend/CoreFeature RequestLowPrivate projectsUnconfirmed
0%
816.01.201918.01.2019
2527Backend/CoreBug ReportLowDatabase Check »Your mysql supports full utf-8 since 5....Unconfirmed
0%
105.01.201905.01.2019
2522Backend/CoreFeature RequestLowemail vs username login issuesResearching
0%
431.10.201802.11.2018
2491Backend/CoreBug ReportLowgroup member links if project manager but not adminNew
0%
1.001.09.201801.09.2018
2484Backend/CoreInformationLowIncrease min. version of PHP requirementUnconfirmed
0%
10.08.201810.08.2018
2482Backend/CoreInformationLowProtect issues by defaultUnconfirmed
0%
110.08.201810.08.2018
2481Backend/CoreInformationLowMove to MVCUnconfirmed
0%
10.08.201810.08.2018
2480Backend/CoreInformationLowBetter file organizationUnconfirmed
0%
110.08.201810.08.2018
2479Backend/CoreInformationLowUser table seems really complexUnconfirmed
0%
110.08.201810.08.2018
2477Backend/CoreInformationLowold style MySQL extension is abandoned ..Unconfirmed
0%
110.08.201810.08.2018
2476Backend/CoreInformationLowGuzzle/Guzzle is abandoned, should use library that's s...Unconfirmed
0%
110.08.201810.08.2018
2466Backend/CoreInformationLowHow to run under httpsUnconfirmed
0%
1303.06.201802.12.2018
2454Backend/CoreBug ReportLowPHP warning in admin edit user areaNew
0%
15.01.201815.01.2018
2453Backend/CoreBug ReportMediumvalidate category before storing a new taskNew
0%
1.014.12.201714.12.2017
2451Backend/CoreFeature RequestLowMod: blank Category - user must chose before pressing A...Confirmed
0%
208.12.201714.12.2017
2449Backend/CoreBug ReportLowUnexepted exception on smtp gmail sendUnconfirmed
10%
729.10.201710.01.2018
2448Backend/CoreBug ReportLowerror message in eventlog reportsUnconfirmed
0%
226.10.201729.10.2017
2447Backend/CoreFeature RequestMediumAllow notifications when a new task is createdUnconfirmed
0%
226.10.201729.10.2017
2441Backend/CoreBug ReportMediumrefactor dokuwiki image tagsNew
0%
15.09.201715.09.2017
2440Backend/CoreFeature RequestLowOption to disable tag featureNew
0%
15.09.201715.09.2017
2439Backend/CoreFeature RequestLowClone a ProjectNew
0%
15.09.201715.09.2017
2436Backend/CoreBug ReportLowdokuwiki renderer creates nonunique html-id for h1,h2,h...New
0%
202.08.201702.08.2017
2435Backend/CoreInformationLowMax attach a fileUnconfirmed
0%
118.07.201718.07.2017
2430Backend/CoreFeature RequestLowUser dependency on projectUnconfirmed
0%
216.03.201720.03.2017
Showing tasks 1 - 50 of 313 Page 1 of 7

Available keyboard shortcuts

Tasklist

Task Details

Task Editing