Flyspray - The bug killer!

I have a public bug tracker and would like to have a TODO like task, except restricted so only the developers can set the task type to TODO, while the general reporters can just submit bug reports or feature requests.

the installer does not check for reserved characters when writing to flyspray.conf.php, causing parse_ini_file() to return an invalid database password.

and simplify interface:

• If the tasks are collapsed, show only the expand all link/button
• If ths tasks are expanded, show only the collapse all link/button

I played with adding a dark mode color theme to the default CleanFS theme.

To make the dark theme just simple exchange some colors, the bitmap icons should be replaced with alternatives.

Easiest would be using the fontawesome font icons as Flyspray still uses them and they can simply get a css color assigned.

Examples

Navigation and Forms

Editors

I’ve tried inserting an image in the intro message but it doesn’t show. Is there something broken in the formattext.inc file? Seems unlikley because it’s so old but can’t work out why nothing shows.

Alan

I had to disable some parts last year within dokuwiki quickly due sever reported security issues in that area.

As tradeoff embedding images currently don’t work within dokuwiki textareas in Flyspray.

As I too wish that feature reappear working for my projects, this is on my personal list. But requires focused free time because must be made secure.

Maybe instead of using fetch.php of dokuwiki, we can use Flypsray’s ?getfile=id , which also checks permissions.
But must check also securly file types and maybe resize images to fit into the desired page (thumbnails).

If a project has no versions defined yet and there are also no 'global' versions defined,
there is not need for displaying the version selects.

Same for categories. If no categories in project and no global categories then no need for displaying a cat select.

Maybe a tooltip/hint in the extended search form to inform the user that the fields were hidden for that reason.

Most (or even all?) of the selectable events should be preselected in the selection list.

I run flyspray behind a reverse proxy with the front end url being https and with the actual back end server not being on a standard port and not using https.

Setting force_baseurl seems to sort most areas with flyspray’s url generation using that instead of picking up from $_SERVER, however post-authentication redirection does not do that it just processes redirect_to as is (which in my case means it picks up the protocol, name and port for the back end server rather than what’s set in force_baseurl).

./themes/CleanFS/templates/loginbox.tpl puts out $_SERVER[’REQUEST_URI‘] into a hidden redirect_to input field - on my setup on the front page that’s e.g. “/” or for a ticket url it would be “/index.php?do=details&task_id=999” so no protocol or hostname.

scripts/authenticate.php picks up that redirect_to value and just passes it to Flyspray::Redirect, which in turn calls FlySpray::absoluteURI on what it’s passed, and FlySpray::absoluteURI doesn’t use $baseurl to qualify the url.

Not sure what the best fix is - my suggestion would be that Redirect detects urls that aren’t fully qualified and adds the $baseurl on to the front of them, rather than calling absoluteURI (absoluteURI is used to set $baseurl if force_baseurl is unset, so that’s not appropriate to modify). Alternatively scripts/authenticate.php could check redirect_to and add $baseurl if needed.

Since PHP7.2 shows a warning in admin area ?do=admin&area=users&user_id=1234567890, when user_id is set, but no alternative user_name parameter.

Probably related to scripts/admin.php

$id = Flyspray::UserNameToId(Req::val('user_name'));
if (!$id) {
  $id = Req::val('user_id');
}

Reopening a task triggers a PHP notice with PHP7.4 under some circumstances.
Reopening a task triggers a PHP warning with PHP8.0 under some circumstances.

Reproduce:

1. Create task
2. Close task directly without setting a completion percentage
3. Reopen the task

Notice: Trying to access array offset on value of type bool in /***/includes/modify.inc.php on line 684
Notice: Trying to access array offset on value of type bool in /***/includes/modify.inc.php on line 686
Notice: Trying to access array offset on value of type bool in /***/includes/modify.inc.php on line 686

For Flyspray installations with many users (several thousands) a pagination of the user list in the admin area is required.

2000 users no problem to display (aside the PHP max_input_vars limit which is only 1000 by default, so maybe not all checked checkboxes are handled.)

More users might send your mysql to long running blocking queries creating temp tables … bad!

(I killed them by watching show processlist; and kill id; on mysql console.)

Rethink the current sets of buttons and their functionality.

Maybe a mousover hint/cheatsheet of available dokuwiki syntax is more helpful in writing fast and efficient.

• buttongroup links http,email,ftp
• buttongroup code, code php: why a single button for php? maybe a cheatsheet or subselect for choosing a language (read directory plugins/dokuwiki/inc/geshi for that). Or even better: Let the project administrator define what source code languages are used/popular in a software project and dependend of that setting prefer/promote that languages
• I miss a blockquote- or cite-tag for citation, which is more semantic than bold, italic, underline buttons. Update: It is the > character followed by text!
• Show a cheatsheet (by mouseover?) of dokuwiki smileys as defined at plugins/dokuwiki/conf , update to current config of dokuwiki, facepalm for instance is missing

8-) 8-O 8-o :-( :-) =) :-/ :-\ :-? :-D :-P :-o :-O :-x :-X :-| ;-) ^_^ :?: :!: LOL FIXME DELETEME

icon_cool.gif icon_eek.gif icon_eek.gif icon_sad.gif icon_smile.gif icon_smile2.gif icon_doubt.gif icon_doubt2.gif icon_confused.gif icon_biggrin.gif icon_razz.gif icon_surprised.gif icon_surprised.gif icon_silenced.gif icon_silenced.gif icon_neutral.gif icon_wink.gif icon_fun.gif (not working as first character on a line, bug?) icon_question.gif icon_exclaim.gif icon_lol.gif fixme.gif delete.gif

There is a wish on the Flyspray mailing list:

Is there a way of hiding the TAGS input field from the Add New Task form?

Alan

If it is just hiding on that form, there are several options to achieve this (from simple to complex)

A) Hide by CSS

#edit_tags{display:none;}

B) Hide by CSS (better)

#edit_tags{display:none;}

D) Edit themes/CleanFS/templates/newtask.tpl directly

E) Use a custom template

D) Nag or caress someone

Currently it seems a user needs two accounts
to login by normal user-password and oauth2 login with facebook,g+ etc.

Better would be if a normal username-password registered user could connect a oauth2-login with his existing login.

This is a parent task for all small helping or explaining tooltips that can be maybe added where approriate.

Many people don't like reading external documentations, which sometimes often is also not up to date with the current used version.

If you are doing something in Flyspray and you don't know exactly how it works or have to be done rigth and you must look at documentation, it breaks your workflow.

The best case is if its all perfect intuitive and you don't have to read any help texts. But in the case of more complex operations or things that do many things behind the scene a helping tooltip or explanation can give you a mental map and more trust into what the tool is doing.

RC9 running on CentOS LAMP stack

Steps done to create the problem:
Set up google as an oauth provider.
Have a user click “Sign in with Google” in the login box.
User connects their account with Flyspray.
Google redirects the user back to Flyspray
The return screen (on flyspray) asks for a username.

Expected behavior:
No warning about duplicate username should be shown on initial page load since no username was entered yet

Experienced behavior:
A warning about the username being already taken is shown.

It appears there is no logic for showing or hiding that warning in register.oauth.tpl

(It would be great if flyspray was able to just use the email as a username to make the UX even better/simpler.)

Notice: Only variables should be assigned by reference in /*/setup/index.php on line 883 
Notice: Only variables should be assigned by reference in /*/setup/index.php on line 949

On flyspray/index.php?do=admin&area=newuser I sucessfuly register user with email ;

I don’t recieve popup with message ‘You did’nt enter valid e-mail address’

After that on new page i receive error:

Completely unexpected exception: Address in mailbox given [;] does not comply with RFC 2822, 3.6.2.
This should never happend, please inform Flyspray Developers

need add option for can set default Severity and Priority of new creating tasks

• On the myprofile page have a section to show all my votes I put on tasks. done!
• Add the possibility to remove own votes from tasks. done!

• Implement a limitation of the amount of votes a user can put on tasks for a project. Can be enabled/disabled and amount configured. Done!
• project based vote limitation

• When a task is finished/closed, remove the user votes from the task and make that vote again available to the user. Maybe safe the existing historic voting count in an extra field of the task as the votes would drop to 0 on closing the task. removed.

We keep the votes, because a task can be reopened everytime and then the old voters and votes should be visible again. In this case the amount of votes on active task could be a bit greater than allowed, but thats no real problem.
The calculation of done votes and available votes based only on open task and project voting limit.

For example on uservoice.com you have 10 voting points. So you as user has to decide where your priorities are to put your votes.

So all users have more or less the same power to vote for tasks.

That way you can just protect the setup routes after installation, etc.

And have a much less cumbersome .htaccess file.

And take sensitive files outside of the server path and not risk letting them get out in the public

Just moved issue #110 from https://github.com/Flyspray/flyspray/issues/110 to here for centralized task tracking.

Maybe just needs testing with current github master.

currently absolute positioning overlapping deny button and not full visible

Possible better solution:

• cssbased toggle

• left:50%; width:300px;margin-left:-150px;margin-top:50px;

The shortcuts help infobox should adapt to the current page type.

So when in editing a task for instance, the n (next task) and p (previous task) shortcuts are not available for a good reason. Listing them there with same priority as other keys then is not helpful.

The simpliest solution is probably putting some if-statements depending on the $do variable into CleanFS/templates/shortcuts.tpl ..

Flyspray should show a warning, and maybe set the focus back to the field (only when it is a this-one-field-only-form.)