This is the Bug Tracking System for the Flyspray project. This is not a demo!

2021-04-23: Flyspray 1.0-rc10 released See

If you are upgrading from older version, please wait for 1.0-rc11.

2021-11-23: New user registration and password forgotten currently not working on due email server problems. peterdd

ID Category  asc Task Type Severity Summary Status Progress Assigned To Due In Version Opened Last Edited
2073Backend/CoreBug ReportLowCouldn't edit comment of anonymous reporterNew
17.10.201517.10.2015 Task Description

I wanted edit/fix the comment of an anonymous reporter, but the edit shows empty content on editing..

(here on closed, but non yet implemented  FS#218 )

2089Backend/CoreBug ReportMediumadding same taskid as subtask or related task should be...New
1.0207.11.201518.11.2016 Task Description

Both is a bit illogical, but both is currently possible! ;-)

1 ←- 1

So when setting the parent task id checked for creating loops is needed:

Loop with 2 tasks: 1 ←- 2 ←- 1

Loop with 3 tasks: 1 ←- 2 ←- 3 ←- 1
Loop with n tasks: 1 ←- ... ←- n < – 1

As I think there are currently no recursive reads that could lead to an endless loop, but should be kept in mind when someone wants to programm rendering a gantt chart.
E.g. by limiting the depth of subtasks for example.

2096Backend/CoreFeature RequestVery LowAdd an option to force httpsMaybe
316.01.201617.01.2016 Task Description

Can you add an option to force HTTPS ?


2101Backend/CoreBug ReportLowMobile view GUI bugConfirmed
418.02.201624.02.2016 Task Description

As you can see on screenshot attachment the GUI on mobile view is not OK.

I marked with red field what need to be fixed.

Phone used: Samsung Note 4.

2104Backend/CoreBug ReportLowfiltering by one user on tasks with multiple assignees ...New
226.02.201615.06.2020 Task Description

If you have a tasklist with tasks that have multiple assignees in a task and you search just by one of the assignees, the resulting tasklist shows only this user in the assignees column.

Expected: all assignees of the tasks are shown.

2105Backend/CoreFeature RequestMediumcountermeasures for 'add task anonymous' spamNew
127.02.201627.02.2016 Task Description

Today I got first SPAM on bugtracker.

Question: Is it possible to enable CAPTCHA for anonymus task add?

Question 2: Is it possible to delete SPAM tasks.

2119Backend/CoreBug ReportMediumfunction filter_input not always availableResearching
15.04.201615.04.2016 Task Description

filter_input() is in extension “Filter”.

It is enabled by default since PHP5.2, see but not “always”, see!topic/flyspray/QM75BvwPqGM

filter_input() is only used at 1 section in Flyspray (since 2014 up to v1.0rc1) in includes/
This is the commit

How do we solve it? Several possibilities:

2121Backend/CoreBug ReportMedium'my assigned tasks' uses like %?% search instead of use...Confirmed
1.0319.04.201603.02.2018 Task Description


The button ‘My assigned tasks’ should search only by userid, not in username or realname with the LIKE ‘%...%’ operator.

Currently the button is using the same as doing an advanced search filling the ‘Assigned To’ input field. (currently ‘dev’ param) But that search param searches in userid, username and realname.

Edit: Implemented simpler solution: if param is digitsonly, then search by userid, otherwise by username and realname if that param exists.

2122Backend/CoreBug ReportMediumopen_basedir restrictions for FS_CACHE_DIR not respecte...Suspended
422.04.201616.08.2016 Task Description

Edit by peterdd: renamed task summary

Affected versions: at least Flyspray 0.9.9(.7/*?) up to Flyspray 1.0 RC1

Original report: Title ‘Problem regarding 0.9.7 (1.0) to 1.0 RC-1 update’

I tried to update BT from modified version (database in original state) 0.9.7 to 1.0 RC-1 but I got strange error.

PHP is 5.6.

I try to use:
Precompiled with 3rd party libs for PHP5.6

and was doing as was written on upgrade procedure.

Strange is that “D:\SShopBT\includes\class.flyspray.php” there are errors regarding writtable path... Because the path is correct and all other Joomla and Wordpress web sites are working correctly..

After upgrade web site do not work att all. Login not working - just get error. So I must reverse (use backup) database and files.

Server is Windows Server and IIS (Internet Information Services)..

Complete error was (also seen in screenshot):

Warning: is_writable(): open_basedir restriction in effect. File(C:\PHP-temp) is not within the allowed path(s): (D:\) in D:\SShopBT\includes\class.flyspray.php on line 1162 
Warning: is_writable(): open_basedir restriction in effect. File(C:\PHP-temp) is not within the allowed path(s): (D:\) in D:\SShopBT\includes\class.flyspray.php on line 1164 
Warning: is_dir(): open_basedir restriction in effect. File(C:\Windows\TEMP\e865fa2fdfc11dbb32cc6262d247e766) is not within the allowed path(s): (D:\) in D:\SShopBT\includes\ on line 82 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\header.php on line 14 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\header.php on line 15 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\header.php on line 16 
Warning: session_start(): Cannot send session cookie - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\includes\class.flyspray.php on line 893 
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\includes\class.flyspray.php on line 893 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\index.php on line 93 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\index.php on line 94 Headers are already sent, this should not have happened. Please inform Flyspray developers.
2137Backend/CoreBug ReportLowfeature accesskey bad implemented by web browsersNew
15.06.201615.06.2016 Task Description

My tests showed that the html accesskey feature is not well and consistent supported by current web browsers and is quite cumbersome to use.
And it seems it will not be better in future..

The only solution I see dropping that feature or replacing them with simple single-key-event javascript listeners, like it is currently done with keys o, j, k, n, and p.

accesskeys in Flyspray I talk about:

  • l (current SHIFT+ALT+l Firefox) login dialog / logout
  • a (current SHIFT+ALT+a Firefox) add new task
  • m (current SHIFT+ALT+m Firefox) my searches
  • t (current SHIFT+ALT+t Firefox) focus taskid search
  • e (current SHIFT+ALT+e + Enter Firefox) edit task
  • x or y? (current SHIFT+ALT+y Firefox) close task
  • s (current SHIFT+ALT+s Firefox) save task

Also related to Keyboard navigation: tabindex

2142Backend/CoreBug ReportLowPost-authenticate redirect does not make use of baseurl...Unconfirmed
28.06.201601.08.2016 Task Description

I run flyspray behind a reverse proxy with the front end url being https and with the actual back end server not being on a standard port and not using https.

Setting force_baseurl seems to sort most areas with flyspray’s url generation using that instead of picking up from $_SERVER, however post-authentication redirection does not do that it just processes redirect_to as is (which in my case means it picks up the protocol, name and port for the back end server rather than what’s set in force_baseurl).

./themes/CleanFS/templates/loginbox.tpl puts out $_SERVER[’REQUEST_URI‘] into a hidden redirect_to input field - on my setup on the front page that’s e.g. “/” or for a ticket url it would be “/index.php?do=details&task_id=999” so no protocol or hostname.

scripts/authenticate.php picks up that redirect_to value and just passes it to Flyspray::Redirect, which in turn calls FlySpray::absoluteURI on what it’s passed, and FlySpray::absoluteURI doesn’t use $baseurl to qualify the url.

Not sure what the best fix is - my suggestion would be that Redirect detects urls that aren’t fully qualified and adds the $baseurl on to the front of them, rather than calling absoluteURI (absoluteURI is used to set $baseurl if force_baseurl is unset, so that’s not appropriate to modify). Alternatively scripts/authenticate.php could check redirect_to and add $baseurl if needed.

2160Backend/CoreBug ReportLowCannot "accept" PM close request if already closedUnconfirmed
14.07.201614.07.2016 Task Description

If a task creator requested closure, and someone (developer) closes the task explicitly, the PM request cannot be later ‘accepted’ and the PM request remains in the queue.

Workaround - Deny request and queue item is removed OK.

It looks like the PM request button invoked details.close which returns early if task is already closed.

2188Backend/CoreBug ReportVery LowIt should not possible to relate a task to itselfNew
01.08.201601.08.2016 Task Description

Flyspray should show a warning, and maybe set the focus back to the field (only when it is a this-one-field-only-form.)

2190Backend/CoreFeature RequestLowenable move of a closed clask to other project without ...Researching
06.08.201606.08.2016 Task Description

Problem: By replacing just the project_id of the closed task it is possible the task then has invalid field values within the target project.

Possible scenarios:

  1. Ignore invalid values within the target project
    • Pro: Easy to do, an immidiatly revert back to the old project would “heal” the task properties.
    • Contra: may effect accuracy and reliability of other parts like searching, listing, statistic calculations
  2. Silent change task field values to valid field values of the target project if necessary
    • Pro: relative easy to do
    • Contra: a bit loss of information, little side effects
  3. allow user to modify the fields that must be changed so that every field of the task has valid values within the target project
    • Pro: accuracy
    • Contra: a bit loss of information(fallback to default values) if there are no similiar field values selectable within the project
  4. allow user to modify the fields, fields or field select values that do not exists in target project will be automatically created.
    • Pro: accuracy
    • Contra: target project may be cluttered with too many fields/field values
  5. ???
2197Backend/CoreBug ReportHighChange Time for everyoneUnconfirmed
121.08.201622.08.2016 Task Description

Flyspray does not recover the time set in php.ini. On display, the system has two hour delay.

2203Backend/CoreInformationLowlanguage files are in folder lang. But i can't change l...Unconfirmed
121.09.201621.09.2016 Task Description

In Admins Toolbox (Project preferences) i choose language de. The file exists in folder lang. But only english is shown. the same for french and so on. No really changes.

2207Backend/CoreBug ReportHighNonpublic project titles and project description exposi...Confirmed
1.0123.09.201629.09.2016 Task Description

When a anonymous user tries to display a ticket of a non public project (for example by entering a random ticket id), Flyspray exposes the title of the non public project in the header bar.

Edit by peterdd: also applies to project description

2214Backend/CoreInformationLowChanging status of task automaticallyUnconfirmed
417.10.201606.11.2016 Task Description

Hello again,

I was wondering (again :-) ) if the following scenario is possible for this bug tracking solution:

Our company uses this bug tracker mainly for helpdesk issues. However, our main users (except IT department) don’t seem to easily understand how to change the status of a ticket, they aren’t interested in doing that also.

So I would like to know if there is a way that we can develop some automatisation in changing the status automatically after customer replies to a message.

Let’s see the following scenario:

  1. user A posts a new task
  2. user B assigns himself (or other) to that specific task - the status automatically is changed to Assigned
  3. user B replies to task by adding a comment - as a result of adding the new comment the task status should change automatically to Waiting for customer - without the need that user B to change the status
  4. user A checks the comment from user B and decides to comment back to him. After pressing the Add comment button, the status should change automatically to Waiting for assignee

If the task is needed to have another status, the users can change them manually, but the automated part should be the waiting for customer and assignee.

On a basic algorithm it shouldn’t be hard (if user is logged in and is task owner, then after comment, task detail - status changing to id 4-5 from task-statuses table on mysql; if user is logged in and assigned to task, after adding comment change status 4-5 from task-statuses table).

I saw this thing on an otrs platform and it is quite ok for a simple user like ours.

Is there any way that we can personalise the flyspray in this way?

If yes, please give us an elaborate answer with what I should do for this to work.

Thanks in advance.

2220Backend/CoreInformationLowOne status with different color in tasklistUnconfirmed
524.10.201603.11.2016 Task Description

Since we have a lot of tasks pending, our team leader wants a specific status (let’s say: Waiting for dispatch) to be marked with a green background in tasklist.
Can you please help me to make this mod?

Thanks in advance.

2315Backend/CoreBug ReportLowFiling a new task is possible with no details in the ma...Unconfirmed
21.11.201621.11.2016 Task Description

When filing a task, it’s possible to submit the task without any information at all being added to the main body of the ticket. This leads to reports that are of no value because the user can simply add some vague title, hit submit, and then wonder why nothing happens other than someone closing it later as invalid.

The main body of the ticket should be considered a required field and should throw an error if nothing is in the box.

2324Backend/CoreInformationLowUpdate composer.jsonUnconfirmed
31.12.201631.12.2016 Task Description
symfony/event-dispatcher suggests installing symfony/dependency-injection ()
symfony/event-dispatcher suggests installing symfony/http-kernel ()
guzzle/guzzle suggests installing guzzlehttp/guzzle (Guzzle 5 has moved to a new package name. The package you have installed, Guzzle 3, is deprecated.)
Package guzzle/guzzle is abandoned, you should avoid using it. Use guzzlehttp/guzzle instead.
2327Backend/CoreFeature RequestLowvisibility-option for private tasksUnconfirmed
315.01.201717.01.2017 Task Description

We have some private Tasks in our FS-bugtracker to hide them from normal reporters. But we also have some external beta-testers in a betatesters-group and they should be able to see (and check) the private tasks without giving them a project manager status. So it would be good, if there is a switch in the group option to give specific groups the right to see private tasks.

2328Backend/CoreFeature RequestMediumAdd [key] support for each project instead of FS#Unconfirmed
1120.01.201710.02.2017 Task Description

Adding key support for each project instead of using the prefix FS#<task_id>

Let the administrator choose the key for project.

What’s a project key?
It prefixes each task in the project

2330Backend/CoreBug ReportLowPHP Notice: Undefined offset: 0 in scripts/index.php o...Unconfirmed
423.01.201730.01.2017 Task Description

Pretty minor, but seems to show up regularly enough in our logs. The line in question:

$outfile = str_replace(' ', '_', $tasks[0]['project_title']).'_'.date("Y-m-d").'.csv';
2332Backend/CoreBug ReportMediumCSV export filename filteringNew
224.01.201724.01.2017 Task Description

The filename for the csv export is build based on project name and current date.

Due different handling of web browsers, the appropriate http header should send the filename in ascii and also provide them as utf-8 for web browsers who can handle that.

Related RFC5987

2333Backend/CoreInformationLowSet Default View on Login?Unconfirmed
2335Backend/CoreInformationLowPDF Attachment does NOT View/Open in New Window/TabUnconfirmed
2336Backend/CoreBug ReportLowCaptcha validation always fail on registrationUnconfirmed
2338Backend/CoreBug ReportMediumExport tasks to csv has issuesUnconfirmed
2346Backend/CoreFeature RequestLowCustom css inheritanceUnconfirmed
2427Backend/CoreFeature RequestLowallow hotlinking (direct links) to uploaded filesUnconfirmed
2429Backend/CoreInformationLowMy tasks URLUnconfirmed
2430Backend/CoreFeature RequestLowUser dependency on projectUnconfirmed
2435Backend/CoreInformationLowMax attach a fileUnconfirmed
2436Backend/CoreBug ReportLowdokuwiki renderer creates nonunique html-id for h1,h2,h...New
2439Backend/CoreFeature RequestLowClone a ProjectNew
2441Backend/CoreBug ReportMediumrefactor dokuwiki image tagsNew
2447Backend/CoreFeature RequestMediumAllow notifications when a new task is createdUnconfirmed
2448Backend/CoreBug ReportLowerror message in eventlog reportsUnconfirmed
2449Backend/CoreBug ReportLowUnexepted exception on smtp gmail sendUnconfirmed
2451Backend/CoreFeature RequestLowMod: blank Category - user must chose before pressing A...Confirmed
2453Backend/CoreBug ReportMediumvalidate category before storing a new taskNew
2454Backend/CoreBug ReportLowPHP warning in admin edit user areaNew
2466Backend/CoreInformationLowHow to run under httpsUnconfirmed
2476Backend/CoreInformationLowGuzzle/Guzzle is abandoned, should use library that's s...Unconfirmed
2477Backend/CoreInformationLowold style MySQL extension is abandoned ..Unconfirmed
2479Backend/CoreInformationLowUser table seems really complexUnconfirmed
2480Backend/CoreInformationLowBetter file organizationUnconfirmed
2481Backend/CoreInformationLowMove to MVCUnconfirmed
2482Backend/CoreInformationLowProtect issues by defaultUnconfirmed
Showing tasks 51 - 100 of 316 Page 2 of 7

Available keyboard shortcuts


Task Details

Task Editing