Flyspray - The bug killer!

This is the Bug Tracking System for the Flyspray project. This is not a demo!

2019-04-22: Flyspray 1.0-rc9 released See

ID Category Task Type  asc Severity Summary Status Progress Assigned To Due In Version Opened Last Edited
2116EmailBug ReportMediumError with email notificationUnconfirmed
1908.04.201615.04.2016 Task Description

I have a major problem. At the first I thought that problem is on my server - Windows OS, IIS. But now when I have second bug tracker site on Apache server and error is the same I know that this is not server error but bug tracker error.

How can I help that we resolve this problem?

If e-mail need’s to be sent I got blank white page and nothing happens.

In attachment is my bug tracker with installer (setup) folder. If this somehow helps it?

Version which is used is 1.0 (latest on web) (edit by peterdd: was a mix of older Flyspray versions). The problem is that nothing works because e-mails are not working..

2119Backend/CoreBug ReportMediumfunction filter_input not always availableResearching
15.04.201615.04.2016 Task Description

filter_input() is in extension “Filter”.

It is enabled by default since PHP5.2, see but not “always”, see!topic/flyspray/QM75BvwPqGM

filter_input() is only used at 1 section in Flyspray (since 2014 up to v1.0rc1) in includes/
This is the commit

How do we solve it? Several possibilities:

2121Backend/CoreBug ReportMedium'my assigned tasks' uses like %?% search instead of use...Confirmed
1.0319.04.201603.02.2018 Task Description


The button ‘My assigned tasks’ should search only by userid, not in username or realname with the LIKE ‘%...%’ operator.

Currently the button is using the same as doing an advanced search filling the ‘Assigned To’ input field. (currently ‘dev’ param) But that search param searches in userid, username and realname.

Edit: Implemented simpler solution: if param is digitsonly, then search by userid, otherwise by username and realname if that param exists.

2122Backend/CoreBug ReportMediumopen_basedir restrictions for FS_CACHE_DIR not respecte...Suspended
422.04.201616.08.2016 Task Description

Edit by peterdd: renamed task summary

Affected versions: at least Flyspray 0.9.9(.7/*?) up to Flyspray 1.0 RC1

Original report: Title ‘Problem regarding 0.9.7 (1.0) to 1.0 RC-1 update’

I tried to update BT from modified version (database in original state) 0.9.7 to 1.0 RC-1 but I got strange error.

PHP is 5.6.

I try to use:
Precompiled with 3rd party libs for PHP5.6

and was doing as was written on upgrade procedure.

Strange is that “D:\SShopBT\includes\class.flyspray.php” there are errors regarding writtable path... Because the path is correct and all other Joomla and Wordpress web sites are working correctly..

After upgrade web site do not work att all. Login not working - just get error. So I must reverse (use backup) database and files.

Server is Windows Server and IIS (Internet Information Services)..

Complete error was (also seen in screenshot):

Warning: is_writable(): open_basedir restriction in effect. File(C:\PHP-temp) is not within the allowed path(s): (D:\) in D:\SShopBT\includes\class.flyspray.php on line 1162 
Warning: is_writable(): open_basedir restriction in effect. File(C:\PHP-temp) is not within the allowed path(s): (D:\) in D:\SShopBT\includes\class.flyspray.php on line 1164 
Warning: is_dir(): open_basedir restriction in effect. File(C:\Windows\TEMP\e865fa2fdfc11dbb32cc6262d247e766) is not within the allowed path(s): (D:\) in D:\SShopBT\includes\ on line 82 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\header.php on line 14 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\header.php on line 15 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\header.php on line 16 
Warning: session_start(): Cannot send session cookie - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\includes\class.flyspray.php on line 893 
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\includes\class.flyspray.php on line 893 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\index.php on line 93 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\index.php on line 94 Headers are already sent, this should not have happened. Please inform Flyspray developers.
2128Text RenderingBug ReportLowGeshi (part of dokuwiki plugin for code blocks) uses de...Confirmed
2120.05.201605.05.2019 Task Description

The dokuwiki plugin uses a very old version of geshi for syntax highlighting which uses the deprecated /e modifier in preg_replace in two places rather than preg_replace_callback.

This can trigger warnings such as the following when initially parsing content which uses dokuwiki syntax and includes code:

PHP message: PHP Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/phpapps/flyspray/plugins/dokuwiki/inc/geshi.php on line 2058

PHP message: PHP Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/phpapps/flyspray/plugins/dokuwiki/inc/geshi.php on line 2067

This affects as well. Several hits came up on google when I search for the following due to the warnings having been displayed ahead of the page content (seen screenshot): flyspray preg_replace_callback

Because flyspray caches the results of processing dokuwiki content then the warnings don’t get emitted if the content has already been cached (so you may find that when you access the url in the screenshot that it doesn’t show the warnings unless you clear the cache entry for that task). Previews can get the warnings spat out as well if there are tagged code sections in the content.

I had a look at a more recent version of geshi ( from sourceforge) and they had fixed that issue in it (presumably along with a lot of other stuff) so I tried replacing plugins/dokuwiki/inc/geshi.php and plugins/dokuwiki/inc/geshi/* with the versions and that stopped the warnings. I haven’t extensively tested it, but it was processing stuff in code blocks correctly still on the couple of samples I tried.

I guess it’s a separate issue but the new flyspray theme doesn’t have any css styles to apply to the syntax highlighting (if you look at  FS#1107  you can see that, and in fact you can see it with the css bit below - if you inspect them with a browser dom inspector you can see that the genshi plugin has parsed and tagged the bits, but no styles are applied so its all just in the default colour). I can raise that as a separate task if worth doing? The following section in bluey stylesheet covered it I think:

.code .br0 {color:#6c6;}
.code .es0 {color:#009;font-weight:700;}
.code .kw1 {color:#b1b100;}
.code .kw2 {color:#000;font-weight:700;}
.code .kw3 {color:#006;}
.code .kw4 {color:#933;}
.code .me0 {color:#060;}
.code .nu0 {color:#c6c;}
.code .re4 {color:#099;}
.code .sc0 {color:#0bd;}
.code .sc1 {color:#db0;}
.code .sc2 {color:#090;}
.code .st0 {color:red;}
.code .co1,.code .co2,.code .coMULTI {color:gray;font-style:italic;}
.code .kw5,.code .re0,.code .re1,.code .re2 {color:#00f;}
2134Backend/CoreBug ReportHighCannot assign a task to other projectPlanned
3207.06.201617.02.2019 Task Description

Moving task to another project seems to require fields updated to target project options. This operation is not possible on the task category field and possibly others. Attempting to submit changes gives error:

“Oh, there are some incompatible properties set that must be resolved before moving this task to a different project.”

However, you cannot select a new value (from the target list) for the properties in question.

2135Backend/CoreBug ReportHigh"Modify own tasks" does not function correctly when add...Confirmed
1.013107.06.201622.08.2016 Task Description

“Oh, there are some incompatible properties set that must be resolved before moving this task to a different project.”

Oh, but I am not moving the task to a different project. Just trying to edit my own submission.

“Edit this task” → “Save details”

See attached screen capture.

2136User InterfaceBug ReportMediumAfter updating user properties as admin - return to wro...Confirmed
308.06.201623.07.2016 Task Description

Logged in as admin, modify a users group membership. After clicking update, you are returned to your logged-in profile (admin in this case). It should re-display the user’s profile you are editing.

The ‘back’ button will return to updated page.

2137Backend/CoreBug ReportLowfeature accesskey bad implemented by web browsersNew
15.06.201615.06.2016 Task Description

My tests showed that the html accesskey feature is not well and consistent supported by current web browsers and is quite cumbersome to use.
And it seems it will not be better in future..

The only solution I see dropping that feature or replacing them with simple single-key-event javascript listeners, like it is currently done with keys o, j, k, n, and p.

accesskeys in Flyspray I talk about:

  • l (current SHIFT+ALT+l Firefox) login dialog / logout
  • a (current SHIFT+ALT+a Firefox) add new task
  • m (current SHIFT+ALT+m Firefox) my searches
  • t (current SHIFT+ALT+t Firefox) focus taskid search
  • e (current SHIFT+ALT+e + Enter Firefox) edit task
  • x or y? (current SHIFT+ALT+y Firefox) close task
  • s (current SHIFT+ALT+s Firefox) save task

Also related to Keyboard navigation: tabindex

2142Backend/CoreBug ReportLowPost-authenticate redirect does not make use of baseurl...Unconfirmed
28.06.201601.08.2016 Task Description

I run flyspray behind a reverse proxy with the front end url being https and with the actual back end server not being on a standard port and not using https.

Setting force_baseurl seems to sort most areas with flyspray’s url generation using that instead of picking up from $_SERVER, however post-authentication redirection does not do that it just processes redirect_to as is (which in my case means it picks up the protocol, name and port for the back end server rather than what’s set in force_baseurl).

./themes/CleanFS/templates/loginbox.tpl puts out $_SERVER[’REQUEST_URI‘] into a hidden redirect_to input field - on my setup on the front page that’s e.g. “/” or for a ticket url it would be “/index.php?do=details&task_id=999” so no protocol or hostname.

scripts/authenticate.php picks up that redirect_to value and just passes it to Flyspray::Redirect, which in turn calls FlySpray::absoluteURI on what it’s passed, and FlySpray::absoluteURI doesn’t use $baseurl to qualify the url.

Not sure what the best fix is - my suggestion would be that Redirect detects urls that aren’t fully qualified and adds the $baseurl on to the front of them, rather than calling absoluteURI (absoluteURI is used to set $baseurl if force_baseurl is unset, so that’s not appropriate to modify). Alternatively scripts/authenticate.php could check redirect_to and add $baseurl if needed.

2160Backend/CoreBug ReportLowCannot "accept" PM close request if already closedUnconfirmed
14.07.201614.07.2016 Task Description

If a task creator requested closure, and someone (developer) closes the task explicitly, the PM request cannot be later ‘accepted’ and the PM request remains in the queue.

Workaround - Deny request and queue item is removed OK.

It looks like the PM request button invoked details.close which returns early if task is already closed.

2188Backend/CoreBug ReportVery LowIt should not possible to relate a task to itselfNew
01.08.201601.08.2016 Task Description

Flyspray should show a warning, and maybe set the focus back to the field (only when it is a this-one-field-only-form.)

2197Backend/CoreBug ReportHighChange Time for everyoneUnconfirmed
121.08.201622.08.2016 Task Description

Flyspray does not recover the time set in php.ini. On display, the system has two hour delay.

2198User InterfaceBug ReportLowMulti-Select from tasklist offers options to those who ...Unconfirmed
1122.08.201622.08.2016 Task Description

When viewing a project via the tasklist, there are a series of checkboxes available. If a user in a group with “modify own tasks” checks a box on a ticket - no matter who actually owns it - they are given a list of options to change it with.

This should not happen. The checkboxes should only be available from the tasklist if the user can actually edit the tickets they’d be next to.


2200User InterfaceBug ReportMediumIncomplete list of timezones available in the user pref...Unconfirmed
26.08.201626.08.2016 Task Description

The user preferences and the add new user screens both allow you to set the timezone offset of the user, however, we are only provided with whole hour offsets from GMT. This makes it impossible to select our timezone here in India, which is GMT+5:30 - IST(Indian Standard Time - Asia/Kolkata as per TZ Zoneinfo). In addition, there are also timezones in the GMT+x:45, which wouild also require to be handled. Note, this is totally independent of DST Changes, since some of the countries use DST(Like in Australia) and others do not(Like India).

Here is a link with more details of the same -

I will be trying to identify and fix the codebase to resolve this, and will hopefully have a patch to submit soon.

R. K. Rajeev

2201APIBug ReportHighI got Fatal Error on the Github OAuthUnconfirmed
1.0107.09.201609.09.2016 Task Description
Fatal error: Class 'League\OAuth2\Client\Provider\Github' not found in /html/bugs/includes/GithubProvider.php on line 11

I have downloaded this:
Precompiled with 3rd party libs for PHP5.6: flyspray-1.0-rc1_php56.tgz
and the file seems really dont exist.

2202Installer and UpgraderBug ReportHighUnable to upgradeUnconfirmed
310.09.201611.10.2016 Task Description

I tried to upgrade from to 1-0-rc1 but I end in an infinite redirection loop

I tried to use the github version, to change the domain name (hosted in dreamhost), to use/not-use the .htaccess, upgraded the version of php from 5.5 to 5.6, to change all the settings in the flyspray.conf.php file, but still having the error after to perform the Upgrade task and removing the setup dir

Used the prepacked dependencies since i cannot install them in this server


2207Backend/CoreBug ReportHighNonpublic project titles and project description exposi...Confirmed
1.0123.09.201629.09.2016 Task Description

When a anonymous user tries to display a ticket of a non public project (for example by entering a random ticket id), Flyspray exposes the title of the non public project in the header bar.

Edit by peterdd: also applies to project description

2215Text RenderingBug ReportLowwrong output of Geshi syntax highlighting for xml codeNew
117.10.201631.12.2017 Task Description

Geshi from is quite slow at the current integration of Flyspray v1.0-rc3 on the first run. (But any further read uses the cache.)

But it produces garbled output for xml code highlighting:

Example without xml, just format as preformatted code:


Or as php syntax highlighting (even if it doesn’t contain a real php-tag ;-) ):


Example with xml choosen as language:


The table tag is stripped away instead of converting the tag for output inside code/pre tags (by converting the < and > chars). Maybe just a configuration issue?

2223GreekBug ReportVery LowSome strings need splitting or replacementUnconfirmed
2124.10.201625.10.2016 Task Description

There is a conflict in meaning in some words. In English past tense (”he closed the task”) and past participle (”List of closed tasks”) is the same word. But in Greek they are two different words (past tense of close: έκλεισε, past participle of close: κλεισμένος/κλεισμένη/κλεισμένο/.../etc → (actually, past participle has 3 genders (male/female/neutral) x 2 grammatical numbers (singular/plural) x 4 grammatical cases (nominative/genitive/accusative/vocative)) = 24 combinations but we’ll deal with this later if needed).

So, strings that now are used both as past tense and past participle, or used both for singular and plural, must split and use a different string when past tense and a different string when past participle or singular/plural.

These strings are:

openedOpened It is used in Event log as past tense (meaning: “User X opened Y task” or “Y task was opened by X” → so in Greek must either use past tense or past participle as singular because it’s one task) and it is also used in Overview as past participle (meaning: “List of opened tasks” → so in Greek must use plural). On the other hand, the same message in task’s History uses var taskopened=”Task opened”. Maybe it would be best if var taskopened was used in Event log too instead of var opened. It would solve my problem.
closedClosed (same as above)
editedEdited (same as above)
2224GreekBug ReportVery LowSemicolon is a bad separatorUnconfirmed
1124.10.201625.10.2016 Task Description

The symbol “;” in Greek is the question mark. So a list of semicolon-separated values looks like a series of questions in Greek. (looks like this: “cat? dog? rabbit?” ;-))

I suggest replacing semicolons with commas as list separators.

In email lists space is good choice too.

2225GreekBug ReportVery LowGreek uses slash for datesConfirmed
324.10.201622.11.2016 Task Description

Short dates in Greek are represented in the majority of cases with slashes (24/10/2016). Very seldom some people may use the dash form (24-10-2016) and hardly ever the dot form (24.10.2016).

So it would be much appreciated if the slash form were a (working) option because as it is dates are a bit confusing to us, especially in a date-time combination (too many numbers in a not-so-obvious format - brain needs extra time to decode it).

2304Database QueriesBug ReportMediumGreek letters crash tagsConfirmed
126.10.201626.10.2016 Task Description

When adding a tag in Greek letters (e.g. “Δοκιμή”) I get:

Query {SELECT tag_id FROM `flyspray_list_tag` WHERE (project_id=0 OR project_id=?) AND tag_name LIKE ? ORDER BY project_id} with params {5,Δοκιμή} Failed! (Illegal mix of collations (latin1_swedish_ci,IMPLICIT) and (utf8_general_ci,COERCIBLE) for operation ‘like’)
2309User InterfaceBug ReportLowPHP noticed displayed on default "All Projects" page.Unconfirmed
302.11.201626.11.2016 Task Description

I am seeing some noticed on the front page of our tracker install that were not present prior to updating to 1.0rc3.

Notice: Undefined offset: 1 in <redacted>/scripts/index.php on line 202 Notice: Undefined offset: 2 in <redacted>/scripts/index.php on line 202

It’s displaying the full path to the files on the page.

There are effectively 2 issues here. One is that some kind of error is kicking up. Second is that it’s being shown to anyone who visits the site.

2315Backend/CoreBug ReportLowFiling a new task is possible with no details in the ma...Unconfirmed
21.11.201621.11.2016 Task Description

When filing a task, it’s possible to submit the task without any information at all being added to the main body of the ticket. This leads to reports that are of no value because the user can simply add some vague title, hit submit, and then wonder why nothing happens other than someone closing it later as invalid.

The main body of the ticket should be considered a required field and should throw an error if nothing is in the box.

2317User InterfaceBug ReportMediumDate format wrongConfirmed
1.1 devel122.11.201622.11.2016
2318Installer and UpgraderBug ReportLowsyntax_plugin required when selected ckeditor in SetupRequires testing
2330Backend/CoreBug ReportLowPHP Notice: Undefined offset: 0 in scripts/index.php o...Unconfirmed
2332Backend/CoreBug ReportMediumCSV export filename filteringNew
2336Backend/CoreBug ReportHighCaptcha validation always fail on registrationUnconfirmed
2338Backend/CoreBug ReportMediumExport tasks to csv has issuesUnconfirmed
2343EmailBug ReportMediumNotification mailUnconfirmed
2344NotificationsBug ReportLowAdmins still get noticed for new users even with the op...Unconfirmed
2345Text RenderingBug ReportLow<hr> should be in allowed tagsUnconfirmed
2436Backend/CoreBug ReportLowdokuwiki renderer creates nonunique html-id for h1,h2,h...New
2441Backend/CoreBug ReportMediumrefactor dokuwiki image tagsNew
2448Backend/CoreBug ReportLowerror message in eventlog reportsUnconfirmed
2449Backend/CoreBug ReportLowUnexepted exception on smtp gmail sendUnconfirmed
2453Backend/CoreBug ReportMediumvalidate category before storing a new taskNew
2454Backend/CoreBug ReportLowPHP warning in admin edit user areaNew
2456User InterfaceBug ReportHighMissing GUI controlsUnconfirmed
2491Backend/CoreBug ReportLowgroup member links if project manager but not adminNew
2496EmailBug ReportLowNotification Mail - Link to the task invalid when quick...Waiting on Customer
2499User InterfaceBug ReportHighChange recaptcha from using file_get_contents to CurlUnconfirmed
2527Backend/CoreBug ReportLowDatabase Check »Your mysql supports full utf-8 since 5....Unconfirmed
2528User InterfaceBug ReportLowNew user registration doesn't check for duplicate usern...Confirmed
2544EmailBug ReportLowError when registering new accountUnconfirmed
2549User InterfaceBug ReportLowOauth register template always shows "Username already ...Unconfirmed
2550EmailBug ReportLowException handling sending email notificationUnconfirmed
2552EmailBug ReportHighEmail TLS error (was 'Mail Adress encryption')Unconfirmed
Showing tasks 51 - 100 of 323 Page 2 of 7

Available keyboard shortcuts


Task Details

Task Editing