Flyspray - The bug killer!

I have a major problem. At the first I thought that problem is on my server - Windows OS, IIS. But now when I have second bug tracker site on Apache server and error is the same I know that this is not server error but bug tracker error.

How can I help that we resolve this problem?

If e-mail need’s to be sent I got blank white page and nothing happens.

In attachment is my bug tracker with installer (setup) folder. If this somehow helps it?

Version which is used is 1.0 (latest on web) (edit by peterdd: was a mix of older Flyspray versions). The problem is that nothing works because e-mails are not working..

filter_input() is in extension “Filter”.

It is enabled by default since PHP5.2, see http://php.net/manual/en/migration52.new-extensions.php but not “always”, see https://groups.google.com/forum/?hl=de#!topic/flyspray/QM75BvwPqGM

filter_input() is only used at 1 section in Flyspray (since 2014 up to v1.0rc1) in includes/fix.inc.php
This is the commit https://github.com/Flyspray/flyspray/commit/40861911260812c99682fe3456350cb63bb243a9

How do we solve it? Several possibilities:

• Do we really need this calls here? What “bad input” is filtered here?
• Test if the extension is enabled at install/update tests/screens.
• use function_exists() test at every request ( similiar to the source code before https://github.com/Flyspray/flyspray/commit/40861911260812c99682fe3456350cb63bb243a9 )

Problem: https://github.com/Flyspray/flyspray/pull/552

The button ‘My assigned tasks’ should search only by userid, not in username or realname with the LIKE ‘%...%’ operator.

Currently the button is using the same as doing an advanced search filling the ‘Assigned To’ input field. (currently ‘dev’ param) But that search param searches in userid, username and realname.

Edit: Implemented simpler solution: if param is digitsonly, then search by userid, otherwise by username and realname if that param exists.

Edit by peterdd: renamed task summary

Affected versions: at least Flyspray 0.9.9(.7/*?) up to Flyspray 1.0 RC1

Original report: Title ‘Problem regarding 0.9.7 (1.0) to 1.0 RC-1 update’

I tried to update BT from modified version (database in original state) 0.9.7 to 1.0 RC-1 but I got strange error.

PHP is 5.6.

I try to use:
Precompiled with 3rd party libs for PHP5.6

and was doing as was written on upgrade procedure.

Strange is that “D:\SShopBT\includes\class.flyspray.php” there are errors regarding writtable path... Because the path is correct and all other Joomla and Wordpress web sites are working correctly..

After upgrade web site do not work att all. Login not working - just get error. So I must reverse (use backup) database and files.

Server is Windows Server and IIS (Internet Information Services)..

Complete error was (also seen in screenshot):

Warning: is_writable(): open_basedir restriction in effect. File(C:\PHP-temp) is not within the allowed path(s): (D:\) in D:\SShopBT\includes\class.flyspray.php on line 1162 
Warning: is_writable(): open_basedir restriction in effect. File(C:\PHP-temp) is not within the allowed path(s): (D:\) in D:\SShopBT\includes\class.flyspray.php on line 1164 
Warning: is_dir(): open_basedir restriction in effect. File(C:\Windows\TEMP\e865fa2fdfc11dbb32cc6262d247e766) is not within the allowed path(s): (D:\) in D:\SShopBT\includes\constants.inc.php on line 82 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\header.php on line 14 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\header.php on line 15 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\header.php on line 16 
Warning: session_start(): Cannot send session cookie - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\includes\class.flyspray.php on line 893 
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\includes\class.flyspray.php on line 893 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\index.php on line 93 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\index.php on line 94 Headers are already sent, this should not have happened. Please inform Flyspray developers.

Logged in as admin, modify a users group membership. After clicking update, you are returned to your logged-in profile (admin in this case). It should re-display the user’s profile you are editing.

The ‘back’ button will return to updated page.

My tests showed that the html accesskey feature is not well and consistent supported by current web browsers and is quite cumbersome to use.
And it seems it will not be better in future..

The only solution I see dropping that feature or replacing them with simple single-key-event javascript listeners, like it is currently done with keys o, j, k, n, and p.

accesskeys in Flyspray I talk about:

• l (current SHIFT+ALT+l Firefox) login dialog / logout
• a (current SHIFT+ALT+a Firefox) add new task
• m (current SHIFT+ALT+m Firefox) my searches
• t (current SHIFT+ALT+t Firefox) focus taskid search
• e (current SHIFT+ALT+e + Enter Firefox) edit task
• x or y? (current SHIFT+ALT+y Firefox) close task
• s (current SHIFT+ALT+s Firefox) save task

Also related to Keyboard navigation: tabindex

I run flyspray behind a reverse proxy with the front end url being https and with the actual back end server not being on a standard port and not using https.

Setting force_baseurl seems to sort most areas with flyspray’s url generation using that instead of picking up from $_SERVER, however post-authentication redirection does not do that it just processes redirect_to as is (which in my case means it picks up the protocol, name and port for the back end server rather than what’s set in force_baseurl).

./themes/CleanFS/templates/loginbox.tpl puts out $_SERVER[’REQUEST_URI‘] into a hidden redirect_to input field - on my setup on the front page that’s e.g. “/” or for a ticket url it would be “/index.php?do=details&task_id=999” so no protocol or hostname.

scripts/authenticate.php picks up that redirect_to value and just passes it to Flyspray::Redirect, which in turn calls FlySpray::absoluteURI on what it’s passed, and FlySpray::absoluteURI doesn’t use $baseurl to qualify the url.

Not sure what the best fix is - my suggestion would be that Redirect detects urls that aren’t fully qualified and adds the $baseurl on to the front of them, rather than calling absoluteURI (absoluteURI is used to set $baseurl if force_baseurl is unset, so that’s not appropriate to modify). Alternatively scripts/authenticate.php could check redirect_to and add $baseurl if needed.

If a task creator requested closure, and someone (developer) closes the task explicitly, the PM request cannot be later ‘accepted’ and the PM request remains in the queue.

Workaround - Deny request and queue item is removed OK.

It looks like the PM request button invoked details.close which returns early if task is already closed.

Flyspray should show a warning, and maybe set the focus back to the field (only when it is a this-one-field-only-form.)

Flyspray does not recover the time set in php.ini. On display, the system has two hour delay.

The user preferences and the add new user screens both allow you to set the timezone offset of the user, however, we are only provided with whole hour offsets from GMT. This makes it impossible to select our timezone here in India, which is GMT+5:30 - IST(Indian Standard Time - Asia/Kolkata as per TZ Zoneinfo). In addition, there are also timezones in the GMT+x:45, which wouild also require to be handled. Note, this is totally independent of DST Changes, since some of the countries use DST(Like in Australia) and others do not(Like India).

Here is a link with more details of the same - http://www.timeanddate.com/time/time-zones-interesting.html

I will be trying to identify and fix the codebase to resolve this, and will hopefully have a patch to submit soon.

Regards
R. K. Rajeev

Fatal error: Class 'League\OAuth2\Client\Provider\Github' not found in /html/bugs/includes/GithubProvider.php on line 11

I have downloaded this:
Precompiled with 3rd party libs for PHP5.6: flyspray-1.0-rc1_php56.tgz
and the file seems really dont exist.

I tried to upgrade from 0.9.9.7 to 1-0-rc1 but I end in an infinite redirection loop

I tried to use the github version, to change the domain name (hosted in dreamhost), to use/not-use the .htaccess, upgraded the version of php from 5.5 to 5.6, to change all the settings in the flyspray.conf.php file, but still having the error after to perform the Upgrade task and removing the setup dir

Used the prepacked dependencies since i cannot install them in this server

Thanks
Thanatermesis

When a anonymous user tries to display a ticket of a non public project (for example by entering a random ticket id), Flyspray exposes the title of the non public project in the header bar.

Edit by peterdd: also applies to project description

Geshi 1.0.8.17 from https://github.com/easybook/geshi is quite slow at the current integration of Flyspray v1.0-rc3 on the first run. (But any further read uses the cache.)

But it produces garbled output for xml code highlighting:

Example without xml, just format as preformatted code:

<table>blabla</table>

Or as php syntax highlighting (even if it doesn’t contain a real php-tag ):

<table>blabla</table>

Example with xml choosen as language:

blabla

The table tag is stripped away instead of converting the tag for output inside code/pre tags (by converting the < and > chars). Maybe just a configuration issue?

Short dates in Greek are represented in the majority of cases with slashes (24/10/2016). Very seldom some people may use the dash form (24-10-2016) and hardly ever the dot form (24.10.2016).

So it would be much appreciated if the slash form were a (working) option because as it is dates are a bit confusing to us, especially in a date-time combination (too many numbers in a not-so-obvious format - brain needs extra time to decode it).

When adding a tag in Greek letters (e.g. “Δοκιμή”) I get:

Query {SELECT tag_id FROM `flyspray_list_tag` WHERE (project_id=0 OR project_id=?) AND tag_name LIKE ? ORDER BY project_id} with params {5,Δοκιμή} Failed! (Illegal mix of collations (latin1_swedish_ci,IMPLICIT) and (utf8_general_ci,COERCIBLE) for operation ‘like’)

I am seeing some noticed on the front page of our tracker install that were not present prior to updating to 1.0rc3.

Notice: Undefined offset: 1 in <redacted>/scripts/index.php on line 202 Notice: Undefined offset: 2 in <redacted>/scripts/index.php on line 202

It’s displaying the full path to the files on the page.

There are effectively 2 issues here. One is that some kind of error is kicking up. Second is that it’s being shown to anyone who visits the site.

When filing a task, it’s possible to submit the task without any information at all being added to the main body of the ticket. This leads to reports that are of no value because the user can simply add some vague title, hit submit, and then wonder why nothing happens other than someone closing it later as invalid.

The main body of the ticket should be considered a required field and should throw an error if nothing is in the box.

In some parts of the world (primarily the US), the date is viewed as Month/Day/Year. However, all options in the current rc4 build are listed as Day/Month/Year aside from one, which goes ShortWrittenMonth/Day#/Year#.

This is poor from a customer perspective, and can be highly confusing. I can change the date globally to a correct format in the database, but this doesn’t help much as every user can select their own date which has all incorrect formats.

When choosing HTML/CKEditor on the setup screen you are presented with an error stating that syntax plugin cannot be empty.

This is due to the option value being empty:

<select name="syntax_plugin">
			<option value="dokuwiki">Text/Dokuwiki</option>
			<option value="">HTML/CKEditor</option>
			</select>

A suggested fix is to remove the requirement to select an option (since you have to select one or the other anyway).

I’m trying to upgrade from 0.9.9.7 to 1.0-rc4 but the Upgrader stops with this message:

Query {UPDATE "tasks" SET detailed_desc = ?WHERE task_id = ?} with params {,400} Failed! (ERROR: invalid byte sequence for encoding "UTF8": 0xc3 0x3c)

Ubuntu 14.04.5 LTS
PostgreSQL 9.3.10

Pretty minor, but seems to show up regularly enough in our logs. The line in question:

$outfile = str_replace(' ', '_', $tasks[0]['project_title']).'_'.date("Y-m-d").'.csv';

The filename for the csv export is build based on project name and current date.

Due different handling of web browsers, the appropriate http header should send the filename in ascii and also provide them as utf-8 for web browsers who can handle that.

Related RFC5987

Correct or wrong code return false!

The results of Securimage Test Script on my server

This script will test your PHP installation to see if Securimage will run on your server.

Session Functionality: Yes!
GD Support: Yes!
GD Version: bundled (2.1.0 compatible)
imageftbbox function: Yes!
TTF Support (FreeType): Yes!
JPEG Support: Yes!
PNG Support: Yes!
GIF Read Support: Yes!
GIF Create Support: Yes!
SQLite Support: Yes!
SQLite is available. If you choose to use it, Securimage can support users who do not accept cookies.
MySQL Support: Yes!
MySQL is available. If you choose to use it, Securimage can support users who do not accept cookies by storing codes in MySQL.
PostgreSQL Support: No
No PostgreSQL support.
LAME MP3 Support: No
LAME was not found, audio will work in WAV format, but not MP3. See Securimage HTML5 audio documentation for info.
Your server meets the requirements for using Securimage!

on modify.inc.php line:754 got

if( !Post::isAlnum('captcha_code') || !$image->check(Post::val('captcha_code'))) {

if( true == false || false == false ) {