Flyspray - The bug killer!

This is the Bug Tracking System for the Flyspray project. This is not a demo!

2019-04-22: Flyspray 1.0-rc9 released See https://github.com/Flyspray/flyspray/releases

ID Category Task Type Severity Summary Status Progress  desc Assigned To Due In Version Opened Last Edited
2561Backend/CoreFeature RequestMediumability to limit assignee permissions (was:User without...Confirmed
0%
705.08.201908.08.2019 Task Description

I gave a role the following privileges:

  • view own tasks
  • modify own tasks
  • view comments
  • add comments

A user with the assigned role can still modify the task descriptions and task details. (I want that user to only be able to add comments.)
I think there is a bug.
Is there a fix or walk around?
Thx

2559Backend/CoreBug ReportLowa duplicate close accepted even when missing comment/ r...New
0%
peterdd29.07.201929.07.2019 Task Description

Closing a task with selected close reason duplicate should warn when there is no comment or FS # id is given in the close comment text field.

The task is closed as duplicate without any further notice. The information to which task it is duplicate or a description (if the problem is logged/handled outside Flyspray) is lost.

Possible solutions

Frontend hints

  • variant F1 (soft): When duplicate as close reason is selected, a placeholder attribute in the close comment text field could be shown/updated. (maybe as ‘css only’ possible)
  • variant F2 (harder): Deny sending the form if duplicate selected, but comment text field is empty. and shows warning info. (javascript required, nojs browsers still send form.)
  • variant F3 (hard): Deny sending the form if duplicate selected and no task id detected in comment text field. and shows warning info. (javascript required)

Backend deny

  • variant B1 (soft): When request wants close a task with duplicate reason and (cleaned) comment string is empty, deny closing the task and give feedback to user why it was denied.
  • variant B2 (hard): It requires detecting a task id in the comment field and the first detected task id is taken for referencing as ‘is duplicate of’. Limitation of this is that the duplicate could be also a ticket or something of a complete other system.
2560Backend/CoreBug ReportLowdo not allow close task with reason duplicate referenci...New
0%
peterdd29.07.201929.07.2019 Task Description

So closing a task

FS#1

with

reason: duplicate

and close comment

FS#1

referencing to self should be detected to avoid such user mistakes.

2316Backend/CoreBug ReportLow"wrongtoken" is displayed if the comment box is left si...Assigned
0%
peterdd7122.11.201629.07.2019 Task Description

I understand this is likely due to some sort of XSS CSRF protection, but the delay doesn’t appear to be long enough to be useful for a lengthy comment to be posted. I’ve now lost two detailed comments in our tracker because the software threw everything out and generated a meaningless error.

Further, attempting to do the normal thing and making the browser resubmit the page results in Flyspray throwing “Error #3” something something repeated action and causing a redirect to the homepage.

Surely there has to be a better way to handle this that doesn’t incur data loss?

2554User InterfaceTODOLowkeyboard shortcuts help box should adapt to current pag...New
0%
06.06.201906.06.2019 Task Description

The shortcuts help infobox should adapt to the current page type.

So when in editing a task for instance, the n (next task) and p (previous task) shortcuts are not available for a good reason. Listing them there with same priority as other keys then is not helpful.

The simpliest solution is probably putting some if-statements depending on the $do variable into CleanFS/templates/shortcuts.tpl ..

2550EmailBug ReportLowException handling sending email notificationUnconfirmed
0%
06.05.201906.05.2019 Task Description

Someone reported this:

Today i tried to report an issue about xxx on the xxx (namely xxx) and the following error message has been displayed:
Completely unexpected exception: Expected response code 250 but got code “451”, with message “451 Error in writing spool file "
This should never happend, please inform Flyspray Developers
The issue itself has been created though.
2549User InterfaceBug ReportLowOauth register template always shows "Username already ...Unconfirmed
0%
06.05.201906.05.2019 Task Description

RC9 running on CentOS LAMP stack

Steps done to create the problem:
Set up google as an oauth provider.
Have a user click “Sign in with Google” in the login box.
User connects their account with Flyspray.
Google redirects the user back to Flyspray
The return screen (on flyspray) asks for a username.

Expected behavior:
No warning about duplicate username should be shown on initial page load since no username was entered yet

Experienced behavior:
A warning about the username being already taken is shown.

It appears there is no logic for showing or hiding that warning in register.oauth.tpl

(It would be great if flyspray was able to just use the email as a username to make the UX even better/simpler.)

2545User InterfaceInformationLowCan't delete system wide 'Task Statuses'Unconfirmed
0%
320.04.201905.05.2019 Task Description

From the ‘Task Statuses’ menu, when in the global project, the ‘delete’ cases are grayed out, preventing me from deleting them.

This is a problem for me because I would like to only have project specific statuses and I would like to name one of those statuses ‘Assigned’.

For now, I got around it renaming the system wide ‘Assigned’ status.

1222Backend/CoreFeature RequestMediumWorkflow engine / Role-based State Transition Rules Eng...Unconfirmed
0%
11625.03.200705.05.2019 Task Description

I have been working with Eventum (http://www.mysql.org/downloads/other/eventum/) for quite sometime now and in contrast, I like Flyspray for its simplicity and practicality. But one thing I badly miss (and something that Eventum scores high) is a Workflow Engine. If not a sophisticated W.E., I (as an Admin / Manager) should be able define role-based state transition rules of the tasks reported in a particular project. For example, I should be able to implement the following scenario:

  1. For a “Developer”, the subsequent tasks from various states. Likewise for other roles
  2. “Developer” should not be able close out the bug reports. He/she can only flag them as implemented. The “Reporter” of the bugs or the “Manager” alone should be able to close out issues
  3. ..
  4. .. it will go on like that ;-)

This feature, in my opinion, is very crucial for corporate organizations to give a serious consideration to Flyspray.

2548User InterfaceFeature RequestLowCSS grid layout for task details page typeNew
0%
05.05.201905.05.2019 Task Description

Layouts from 320 pixel mobile portrait, tablet sizes and up to 4k monitor landscape mode using

@media queries

Mockups required not only for different sizes, but also different project configurations, user permissions, and task relations.

Should look ok whatever project configuration is done or how weird a task description is.

On wider screens the comments could be beside the task description for instance.
Or some tabs or menus could be shown directly instead of grouping in the tabs.

2544EmailBug ReportLowError when registering new accountUnconfirmed
0%
123.03.201923.03.2019 Task Description

I installed the developer edition.

mysql Ver 14.14 Distrib 5.7.25, for Linux
PHP 7.2.15-0ubuntu0.18.04.1
Ubuntu 18.04.2

Admin settings → Allow users to register and send conf. email.

I DID set up email settings thru google and sent a test email. it did work.

After logging out, I tried to register a new account. I filled in details and got the following error:
Completely unexpected exception: Expected response code 250 but got code “530”, with message “530 5.7.0 Must issue a STARTTLS command first. u13sm3937813iog.80 - gsmtp "
This should never happend, please inform Flyspray Developers

Obviously, the confirmation email was never sent.

I am going to try to manually add a new user. Will update with outcome.

2531TranslationsFeature RequestLowdetect usage of translation keywordsNew
0%
110.01.201919.03.2019 Task Description

Some translation keywords of Flyspray are used at more than one code location.

To help translators doing the correct translations, it would help to show in what context a translation keyword is used.
Especially when a keyword is used more than once.

As we have our own translation helper integrated into Flyspray, we could show a ‘translation keyword usage counter’ there and maybe show on request in which file
a translation keyword is used.

It would also help to identify ‘abandoned’ translation keywords that are not used anymore by Flyspray source.

Also it would help to identify when a translation is used at more than one location with maybe different context.

I think we can use a regular expression and scan the whole Flyspray source for that.
(and maybe database entries if there are places that have translation keywords stored - I don’t think so, but better check that too first than forget that case)

The regular expression should match that examples case insensitive for the translation keyword report:

L('report' 
L("report"
eL('report'
eL("report"

but also ugly cases like
l(    'report'
or 
El ( "report"

case insensitive.

But not for example

createURL('report'
1972User InterfaceFeature RequestLowAdvanced search form - ideas for faster/better usabilit...New
0%
1.1 devel412.03.201518.03.2019 Task Description

This task can maybe splitted into separate sub tasks.

Task properties

Current situation

  • Currently 8 multi select fields with height of 5.5 visible options.
  • For most of the selects you must scroll to make the right selections.
  • floating

Ideas

Multi select option styling

Some (not all, intentional!) browsers support CSS styling of option tags. For these who support it I think option styling is a good usability enhancement:

  • severity: We use background colors for styling in task list, so we should use the same colors for the select.
  • priority: maybe, but must be good distinguishable from severity styling. maybe not background, but maybe icons,borders,lines?
  • task type: This styling would be related to an other task, where I suggest icons/font icons for bugs, feature requests and TODO (see also themes/CleanFS/custom_example.css)
  • progress: maybe use the green %-bars as background styling
  • status: If for some status types very intuitive icons exists, they could be used for the options too.
  • due version: no idea yet, no option styling
  • reported version: no idea yet, no option styling

Update: CSS of option tags working in multi selects:

  • Firefox 64: yes
  • Safari 12: no
  • Google Chrome 71: no

So only Firefox. The intended styling could be also achieved by Javascript that renders alternative select boxes based on reading the original select boxes and their option attributes and show the user CSS styled div-tag or li-tag based constructs which do not have such restrictions.

Custom fields

  • challenge/doom level - doom faces: from easy/normal to bloody/angry face
  • os: logos like tux for linux, devil for bsd, window for ms, apple icon, osX icon, android, apple, iphone/smartphone icon, ipad/tablet icon, ..

But Consider: Different project may need different custom fields. Your gardening project may need no OS version selector.

  1. Make some intelligent positioning and sizing dependent on the count of options of the selects.
2536Backend/CoreFeature RequestMediumstore session in Flyspray databaseNew
0%
221.01.201915.03.2019 Task Description

Currently the sessions are stored by the webservers default settings.

Having this sessions under control by Flyspray by storing it in the database has following advantages:

  1. Allows handling of all sessions of a user by Flyspray.
  2. Providing a session management for each user. The user can see on which devices he is currently logged in and could also force a logout on selective devices.
  3. A forced logoff of all or some user sessions is easy implementable for admins.
  4. Statistics about how many users and who is logged in. (user status: hide always, online, offline, do not disturb, ..)
  5. Could make onpage-notifications easier to implement.
  6. .. ?

Disadvantages:

  1. A potential unknown security bug in Flyspray that could lead to reading a session db table could leak informations like who is currently online/active and make further attacks more focused or makes session takeover easier.
  2. .. ?
2305GreekFeature RequestVery LowMonth names not translatableUnconfirmed
0%
2126.10.201611.03.2019 Task Description

At first I thought month names were controled by jscalendar. But after restoring functionality of jscalendar ( FS#2226 ) I realized that month names are probably a native feature of Flyspray.

So month names need translation. Moreover, in Greek there should be grammatical cases used. For example October in Greek is Οκτώβριος (nominative case). But when you say “October 2” in Greek is “2 Οκτωβρίου” (genitive case). So month translation would require at least two strings for each month.

2134Backend/CoreBug ReportHighCannot assign a task to other projectPlanned
0%
3207.06.201617.02.2019 Task Description

Moving task to another project seems to require fields updated to target project options. This operation is not possible on the task category field and possibly others. Attempting to submit changes gives error:

“Oh, there are some incompatible properties set that must be resolved before moving this task to a different project.”

However, you cannot select a new value (from the target list) for the properties in question.

2535Backend/CoreFeature RequestLownew optional Flyspray setting: add new users automatica...New
0%
216.01.201921.01.2019 Task Description

When a Flyspray installation allows user self registration and has public but also more private projects, this feature could make the required configuration more clear:

In this case, keep the number of global user groups as low as possible and the global user group for basic or just registered users has only the ‘can login’ permission and nothing more.
Because that only would be useless for new registered users, adding them also to a basic user group of a public project could be useful.

So my suggestion is:

A new optional global setting: Something like ‘default project user group’ (store 2 values: a project_id and a group_id). Validity of that setting must be checked during any user registration, so that project must exists now and at later time as also that project user group within that project. (’Checks’ of admin prefs)

So it would be like this for a new registered userA:

  1. userA is in a basic default global user group: only login permission to handle his account registration (login, logout, user preferences, password forgotten)
  2. userA is in project X default user group: some basic permissions you want allow for every (new) registered user in project X
  3. project Y: all ‘allow anyone ...’-settings are unchecked, userA not in any user group of project Y

The setting is probably best put below the ‘Default global group for new users’ setting in the global admin prefs tab #userregistration as

Either: A dropdown list with all public projects with an existing user group and dependend on the selection the available basic project groups are loaded by ajax as a select list too.

Or: Only one dropdown list that contains a list of public projects with possible project user groups. Would not require extra ajax calls and is maybe enough because we could exclude project groups that have project manager permission or such configuration nobody would allow new registered users.

no default project user group
public projectA - simple user groupA1
public projectA - simple user groupA2
public projectB - simple user groupB
public projectC - simple user groupC

This idea could be enhanced further (put the new user to multiple public projects when he registers or let user choose from public allowed projects during registration process), but lets start simple.

2534Backend/CoreFeature RequestLowPrivate projectsUnconfirmed
0%
816.01.201918.01.2019 Task Description

I would like to restrict certain projects from view from normal users (Basic group.) I couldn’t find out a way to do it. I could restrict them from viewing tasks, which is good, but it would be nice to hide the project entirely from the Overview screen.

2022Backend/CoreFeature RequestLowdefault or auto options for some settingsNew
0%
1.1 devel103.08.201515.01.2019 Task Description

Some project and user settings should be able to set back to its default or 'auto' option.

  • flyspray or project wide task list length, currently hard coded to 250
  • user tasks_perpage setting
  • user notifytype
  • user timezone
  • user language (system/project and auto (browser detection) selectable)
  • ...
2527Backend/CoreBug ReportLowDatabase Check »Your mysql supports full utf-8 since 5....Unconfirmed
0%
105.01.201905.01.2019 Task Description

Steps done to create the problem:
Access /index.php?do=admin&area=checks with a MySQL Version >= 5.5.3

Expected behavior:
Flyspray tests for character set and displays »Your mysql supports full utf-8 since 5.5.3. You are using x.x.x and flyspray tables could be upgraded.« when database schema or one table isn’t set to utf8mb4 character set.

Experienced behavior:
Flyspray always shows this note, even though character set is correct.

As far as I can tell from the source, a query gets executed to the database (and if I do that manually the result is “utf8mb4, utf8mb4_unicode_ci” for my database), but the result doesn’t get checket, the note is always shown (line 123)

2466Backend/CoreInformationLowHow to run under httpsUnconfirmed
0%
1303.06.201802.12.2018 Task Description

I have changed the htaccess.dist into .htaccess and modified to force https.
However, despite having https activated on my site I cannot get Flyspray running, it’s waiting forever.When I abort I get a page without makeup. I have all other applications like cms and wiki running under https, so it is something I have not done in the flyspray configs obviously (as this site is running https too). But could you give me a hint?

I installed flyspray in a subdirectory, if that is something to know about...

regards, Albert

2524EmailInformationLowSMTP Mailer doesn't accept custom portsUnconfirmed
0%
05.11.201827.11.2018 Task Description

Did you installed an official release or did you used an inoffical docker?!
Yeah
MySQL 8.0.12, 7.2.9 on debian buster

Steps done to create the problem:
Enter server:port at Mail-Settings

Expected behavior:
smtp.example.com:customport would make use of the custom port

Experienced behavior:
TLS Errors

          if ($fs->prefs['email_tls']) {
              $swiftconn = Swift_SmtpTransport::newInstance($fs->prefs['smtp_server'], 587, 'tls');
          } else if ($fs->prefs['email_ssl']) {
              $swiftconn = Swift_SmtpTransport::newInstance($fs->prefs['smtp_server'], 465, 'ssl');
          } else {
              $swiftconn = Swift_SmtpTransport::newInstance($fs->prefs['smtp_server']);
          }

Should be changed to

          $someTemporaryVariable = explode(':',$fs->prefs['smtp_server']);
          if ($fs->prefs['email_tls']) {
              $swiftconn = Swift_SmtpTransport::newInstance($someTemporaryVariable[0], $someTemporaryVariable[1] || 587, 'tls');
          } else if ($fs->prefs['email_ssl']) {
              $swiftconn = Swift_SmtpTransport::newInstance($someTemporaryVariable[0], $someTemporaryVariable[1] || 465, 'ssl');
          } else {
              $swiftconn = Swift_SmtpTransport::newInstance($someTemporaryVariable[0], $someTemporaryVariable[1] || 25);
          }
2521EmailInformationLowTLS email with self-signed certificate doesn't work, "C...Unconfirmed
0%
531.10.201803.11.2018 Task Description

I use a personal email server with a self-signed certificate (i’m not sure if it’s possible to use my https certificate for that? i don’t even kind of understand what all I did to get this email server setup, and I don’t really want to mess with it... especially since my https certificate comes from Let’s Encrypt... so i might have to muck with the email server every 60 days ... not sure?) ..

anyway, when I try to connect to it with Flyspray, I get above the Test Email button, “Completely unexpected exception: Unable to connect with TLS encryption
This should never happend, please inform Flyspray Developers”

Most systems have a way to override and accept an invalid cert, but I’m not seeing anything obvious about doing that with Flyspray. Does a function for this already exist, or do we need a way to do that? (alternatively, I would accept help in properly configuring my email lol)

2498TranslationsInformationLowApply variable in language keys to push the local site ...Unconfirmed
0%
118.09.201802.11.2018 Task Description

Hi, in order for us to push our name (rather than flyspray) on emails, notifications, and GUI we had to edit the language file to replace the text “flyspray” with our install site name. That way notifications come from our company name rather than flyspray.

It would be nice if you could take the site name variable and add it to the language files in all keys that face the public user and all notifications. This would not only prevent editing of the lang file but also make setup alot faster.

Thanks so much..
Dave

2499User InterfaceBug ReportHighChange recaptcha from using file_get_contents to CurlUnconfirmed
0%
118.09.201802.11.2018 Task Description

The issue with many servers now and the reason that recaptcha does not work is because it requires servers to enable allow_url_fopen which is a huge security risk. That is why you get the warning message when you try to run recaptcha that file_get_contents failed to connect.

So the solution is to use Curl to do that job.

Here is the fixed file, excuse my mess i had not cleaned up my code yet... but recaptcha now works.

this file goes in the includes dir... you can clean up the file if you like again sorry about that.

2522Backend/CoreFeature RequestLowemail vs username login issuesResearching
0%
431.10.201802.11.2018
2216NotificationsFeature RequestLowAdd slack integration (webhook)Unconfirmed
0%
1118.10.201625.10.2018
2496EmailBug ReportLowNotification Mail - Link to the task invalid when quick...Waiting on Customer
0%
213.09.201814.09.2018
2491Backend/CoreBug ReportLowgroup member links if project manager but not adminNew
0%
1.001.09.201801.09.2018
2482Backend/CoreInformationLowProtect issues by defaultUnconfirmed
0%
110.08.201810.08.2018
2480Backend/CoreInformationLowBetter file organizationUnconfirmed
0%
110.08.201810.08.2018
2476Backend/CoreInformationLowGuzzle/Guzzle is abandoned, should use library that's s...Unconfirmed
0%
110.08.201810.08.2018
2479Backend/CoreInformationLowUser table seems really complexUnconfirmed
0%
110.08.201810.08.2018
2477Backend/CoreInformationLowold style MySQL extension is abandoned ..Unconfirmed
0%
110.08.201810.08.2018
2484Backend/CoreInformationLowIncrease min. version of PHP requirementUnconfirmed
0%
10.08.201810.08.2018
2481Backend/CoreInformationLowMove to MVCUnconfirmed
0%
10.08.201810.08.2018
2336Backend/CoreBug ReportHighCaptcha validation always fail on registrationUnconfirmed
0%
1301.02.201721.07.2018
2114TranslationsTODOMediumStandardize the priority meaning across flyspray transl...New
0%
207.04.201626.03.2018
2459User InterfaceFeature RequestLowAttachments on/off and max size setting in Admin Toolbo...Unconfirmed
0%
116.02.201803.03.2018
2029Backend/CoreFeature RequestLowpossibility to let a user describe himselfNew
0%
112.08.201518.01.2018
2454Backend/CoreBug ReportLowPHP warning in admin edit user areaNew
0%
15.01.201815.01.2018
2215Text RenderingBug ReportLowwrong output of Geshi syntax highlighting for xml codeNew
0%
117.10.201631.12.2017
2054Backend/CoreFeature RequestLowFields for csv export choosable like for task listNew
0%
2.0117.09.201531.12.2017
2451Backend/CoreFeature RequestLowMod: blank Category - user must chose before pressing A...Confirmed
0%
208.12.201714.12.2017
2453Backend/CoreBug ReportMediumvalidate category before storing a new taskNew
0%
1.014.12.201714.12.2017
2447Backend/CoreFeature RequestMediumAllow notifications when a new task is createdUnconfirmed
0%
226.10.201729.10.2017
2448Backend/CoreBug ReportLowerror message in eventlog reportsUnconfirmed
0%
226.10.201729.10.2017
2444Installer and UpgraderInformationLowcomposer hits memory limitsNew
0%
04.10.201704.10.2017
2440Backend/CoreFeature RequestLowOption to disable tag featureNew
0%
15.09.201715.09.2017
2441Backend/CoreBug ReportMediumrefactor dokuwiki image tagsNew
0%
15.09.201715.09.2017
Showing tasks 101 - 150 of 316 Page 3 of 7

Available keyboard shortcuts

Tasklist

Task Details

Task Editing