Flyspray - The bug killer!

This is the Bug Tracking System for the Flyspray project. This is not a demo!

2017-10-05: Flyspray 1.0-rc6 released This is a security release. https://github.com/Flyspray/flyspray/releases

IDCategoryTask TypeSeveritySummaryStatusProgressAssigned To  ascDue In VersionOpenedLast Edited
2437Backend/CoreBug ReportCriticalSpammers are able to bypass disabled user registrationsUnconfirmed
0%
406.08.201709.10.2017 Task Description

Spammers have found a way to bypass the block on user registration and cause entries to be inserted into the registrations table in the database. I have 30+ of them in there right now, all inserted within the last 2 days. I’ve had user registrations disabled for 2 weeks now because of an onslaught of spammers who won’t leave us alone. Flyspray has insufficient safeguards against them so when this happens I have little choice.

I don’t have any idea how, but these entries in the registrations table are resulting in emails being sent out to these accounts that are bouncing because the spammers are on domain blocklists for forging their DNS responses.

Something needs to be done about this, because if they can insert phantom entries into this database table via the code, what else could they be doing that we haven’t spotted yet?

1673Backend/CoreBug ReportHighOnly white screen after upgrade to 1.0 - reasonsConfirmed
10%
1.1 devel31412.01.201117.08.2016 Task Description

After I upgraded to version 1.0 (the upgrade was successful), flyspray only shows a white page (and the source in firefox shows, that the page is completely white).


Please help us finding the roots of these bugs!

Please report what you were exactly doing before this happend, report us your steps made, the used php version, used OS version, and such information.

We think most cases of that “white screen” are relying on the third party vendor libraries behavior we use.
When a library detects an error, sometimes they just call die() or exit; of php, but suppress error messages. So the script just stopped not giving any output to browser.

The dev versions from github use composer for installing the required libraries. We will package them on the final release together and make sure most cases of “white screen” are fixed.

1849Backend/CoreFeature RequestHighInstaller OverhaulPlanned
50%
1.1 devel515.03.201315.07.2016 Task Description

The application installer needs an overhaul, all strict notices fixed and the associated dependant tasks resolved.

2075NotificationsBug ReportHighToo spammy notifications under some circumstancesRequires testing
40%
1.019.10.201503.11.2015 Task Description

danoh on github wants to work on patch. Couldn’t find him here..

2086Backend/CoreBug ReportHighBasic User can see all Projects and TasksUnconfirmed
20%
803.11.201526.01.2017 Task Description

Since Update to Flyspray 1.0 Beta2 all users can see every task in every project.

The rights were set up correctly in Flyspray 1.0 Alpha and worked just fine.

2087Backend/CoreInformationHighSee no Editor in Add New TaskUnconfirmed
0%
4104.11.201505.11.2015 Task Description

Hi,

I can’t see the Editor when I make new task. Also when I editing a exciting task.

See nothing to put any HTML code in it. Can you help me!?

I use this version: Flyspray 0.9.9.7

2094EmailBug ReportHighAfter Upgrade All Users Receive Notifications for All T...Unconfirmed
0%
4106.01.201613.01.2016 Task Description

I upgraded from 0.9.9 to 1.0-beta2 a few hours ago. I received an error about oauth during the upgrade (didn’t think to take a screenshot). In any case, the upgrade otherwise seemed to go smoothly. When I subsequently closed a few tasks people who weren’t assigned to receive notifications for those tasks, even old consultants whose account I had disabled years ago, received the email notification. I also received lots of bounced emails from accounts whose email addresses were no longer existant.

Has anyone else experienced this? I’ve gone into the database and null’d out the email addresses of old accounts to prevent further spam. Not only did it notify everyone who had an account (active or disabled) but it put their email address in the To: field for all to see.

2134Backend/CoreInformationHighCannot assign a task to other projectUnconfirmed
0%
3107.06.201631.10.2016 Task Description

Moving task to another project seems to require fields updated to target project options. This operation is not possible on the task category field and possibly others. Attempting to submit changes gives error:

“Oh, there are some incompatible properties set that must be resolved before moving this task to a different project.”

However, you cannot select a new value (from the target list) for the properties in question.

2159Backend/CoreTODOHighfresh registered user accounts created spam tasksNew
0%
204.07.201625.10.2016 Task Description

Today it was first time I see real spam on bugs.flyspray.org

The 2 spam accounts registered today and started creating spam posts as new tasks.

What is the reason? Was it by real humans or bots?

So what can we do to reduce this in future?

Ideas for making it harder and unattractive for spammers:

  • Users who never opened a nonspam-task or contributed a useful comment should solve a captcha
  • Limit the amount of creating tasks for new registered users or a user groups, like limiting to 2 tasks or 1 task per user per day.
  • Settings for a more moderated task creation process? Like a quarantine dbtable for tasks?
  • If we closed such spam tasks with WTF? reason, it will still be listed by search engines like google at the moment:
  1. Move spam tasks to a ‘dumpster project’, that is not visible for guests (search engines!) too.
  2. Or make spamming to visible flyspray projects unattractive, lets set noindex for: closed task for some special reason id?
  3. Delete spam tasks from database if allowed by your organization

Update: another and this time more aggressive phone number spammer.

2197Backend/CoreBug ReportHighChange Time for everyoneUnconfirmed
0%
121.08.201622.08.2016 Task Description

Flyspray does not recover the time set in php.ini. On display, the system has two hour delay.

2201APIBug ReportHighI got Fatal Error on the Github OAuthUnconfirmed
0%
1.0107.09.201609.09.2016 Task Description
Fatal error: Class 'League\OAuth2\Client\Provider\Github' not found in /html/bugs/includes/GithubProvider.php on line 11

I have downloaded this:
Precompiled with 3rd party libs for PHP5.6: flyspray-1.0-rc1_php56.tgz
and the file seems really dont exist.

2202Installer and UpgraderBug ReportHighUnable to upgradeUnconfirmed
0%
310.09.201611.10.2016 Task Description

I tried to upgrade from 0.9.9.7 to 1-0-rc1 but I end in an infinite redirection loop

I tried to use the github version, to change the domain name (hosted in dreamhost), to use/not-use the .htaccess, upgraded the version of php from 5.5 to 5.6, to change all the settings in the flyspray.conf.php file, but still having the error after to perform the Upgrade task and removing the setup dir

Used the prepacked dependencies since i cannot install them in this server

Thanks
Thanatermesis

2314Backend/CoreBug ReportHighHTMLPurifier_Config error after installing 1.0rc4Unconfirmed
0%
219.11.201619.11.2016 Task Description

Updated to the new security release today and anytime someone tries to add a comment, the following error is thrown:

Notice: Undefined variable: conf in /includes/class.backend.php on line 312 Fatal error: Class ‘HTMLPurifier_Config’ not found in /includes/class.backend.php on line 313

This is the offending code:

if($conf['general']['syntax_plugin'] != 'dokuwiki'){
	$purifierconfig = HTMLPurifier_Config::createDefault();
	$purifier = new HTMLPurifier($purifierconfig);
	$comment_text = $purifier->purify($comment_text);
}

After commenting this block of code out, comments can again be posted.

2319Installer and UpgraderBug ReportHighUpdate failed with "invalid byte sequence for encoding ...Unconfirmed
0%
223.11.201609.12.2016 Task Description

I’m trying to upgrade from 0.9.9.7 to 1.0-rc4 but the Upgrader stops with this message:

Query {UPDATE "tasks" SET detailed_desc = ?WHERE task_id = ?} with params {,400} Failed! (ERROR: invalid byte sequence for encoding "UTF8": 0xc3 0x3c)

Ubuntu 14.04.5 LTS
PostgreSQL 9.3.10

2320Backend/CoreBug ReportHighcrypt() Raise E_NOTICE security warning if salt is omit...Planned
0%
7107.12.201615.09.2017 Task Description

Hello together,

in php >= 5.6.0 you get a notice if you dont use a salt param.
(see: http://php.net/manual/en/function.crypt.php)

we need to fix the else case in the function Flyspray::cryptPassword()

see the attached image for the error in the frontend.

2336Backend/CoreBug ReportHighCaptcha validation always fail on registrationUnconfirmed
0%
1201.02.201720.03.2017 Task Description

Correct or wrong code return false!

The results of Securimage Test Script on my server

This script will test your PHP installation to see if Securimage will run on your server.

Session Functionality: Yes!
GD Support: Yes!
GD Version: bundled (2.1.0 compatible)
imageftbbox function: Yes!
TTF Support (FreeType): Yes!
JPEG Support: Yes!
PNG Support: Yes!
GIF Read Support: Yes!
GIF Create Support: Yes!
SQLite Support: Yes!
SQLite is available. If you choose to use it, Securimage can support users who do not accept cookies.
MySQL Support: Yes!
MySQL is available. If you choose to use it, Securimage can support users who do not accept cookies by storing codes in MySQL.
PostgreSQL Support: No
No PostgreSQL support.
LAME MP3 Support: No
LAME was not found, audio will work in WAV format, but not MP3. See Securimage HTML5 audio documentation for info.
Your server meets the requirements for using Securimage!

on modify.inc.php line:754 got

if( !Post::isAlnum('captcha_code') || !$image->check(Post::val('captcha_code'))) {
if( true == false || false == false ) {
407Backend/CoreFeature RequestMediumPlugin systemAssigned
0%
2.0261404.12.200417.01.2013 Task Description

Everything is currently hard-coded. Create a plugin system that allows a module to be simply "dropped into" a plugins/ directory, enabled in the options, and have the plugin just work.

Possibilities might include alternative methods of notification, perhaps a documentation subsystem, or even simple things like voting for tasks.

The user should NOT have to edit existing Flyspray source code to make a plugin work.

1222Backend/CoreFeature RequestMediumWorkflow engine / Role-based State Transition Rules Eng...Unconfirmed
0%
11525.03.200717.08.2015 Task Description

I have been working with Eventum (http://www.mysql.org/downloads/other/eventum/) for quite sometime now and in Contrast, I like Flyspray for its simplicity and practicality. But one thing I badly miss (and something that Eventum scores high) is a Workflow Engine. If not a sophisticated W.E., I (as an Admin / Manager) should be able define Role-based State Transition Rules of the Tasks reported in a particular Project. For example, I should be able to implement the following Scenario:

  1. For a "Developer", the subsequent tasks from various states.  Likewise for other roles
  2. "Developer" should not be able close out the Bug Reports.  He / She can only flag them as implemented.  The "Reporter" of the Bug(s) or the "Manager" alone should be able  to close out issues
  :
  : - it will go on like that ;-)

This Feature, in my opinion, is very crucial for Corporate Organizations to give a serious consideration to Flyspray.

1237Backend/CoreFeature RequestMediumAllow Multiple Owners Per CategoryPlanned
0%
2.04609.04.200710.08.2015 Task Description

Currently, only one owner can be applied per category (at least, that's what the tooltip implies). The ability to add more than one user, a user group, or a mix of the two to a category would be ideal.

Often times, more than one programmer will work on and maintain a feature that cannot be divided into subcategories with the various programmers dispersed accordingly. In such cases, setting all such programmers as owners of the category is beneficial in that they will all receive notifications.

Also, having a parent category's owner receive alerts if no owners are specified for a sub-category benefits from this ability. I may have a "User Interface" group that has all of my UI developers in it; assigning the group to the "User Interface" root category means all relevant developers find out about a new issue that was not directed elsewhere.

One potential conflict does arise with another Flyspray feature. If "Auto-assign a task to the category owner" is enabled, care must be taken to assign no users or the first user to the task; personally, I would prefer no one being assigned and seeing the wording changed to "Auto-assign a task to sole category owners". Worst case scenario would be another option asking if no one or the first user would be assigned to a task in that instance; if a group is specified, the first user in the group would be chosen.

1510NotificationsFeature RequestMediumFunction to test mail configuration Planned
40%
1.1 devel1229.10.200828.10.2015 Task Description

Add a button to test mail configuration before notifications is accpeted

1697User InterfaceFeature RequestMediumDetailed Due Date, SMS Notification, Deadline Warning N...Unconfirmed
0%
128.12.201106.10.2015 Task Description

Hi there,

I was looking for some issue management tool for the company I work for and Flyspray turned out to be almost perfect solution. I installed it easily and it works GREAT!
As I said, this turned out to be almost perfect solution, and this is because it lacks some features that my company needs.

  • Due Date with Hour/Minute part - to choose till what time during that day should task be done (ie. 27-12-2012, 17:27)

Away with needs of my company, I believe that these features will make Flyspray very interesting and more suitable for many small/medium companies.

Best regards,

Milan Vlajnic

1783NotificationsFeature RequestMediumCreate account for non-logged user automaticallyPlanned
0%
2.027.11.201207.03.2015 Task Description

Hi, is there function in FS (0.9.9.7) wchich allow unregistered user automatically create account? FS is accessible only for our workers.

It would be sth like that:
1. Non-logged user creates ticket.
2. He type his e-mail (user_name@company.pl).
3. FS creates account for that user:
a. user's login: user_name
b. user's password: <generated by FS>
4. User's login and password'll be send on e-mail which was typed in e-mail field.

Is is possible to do it?

1791Backend/CoreFeature RequestMediumAbility to merge version, OS, etcSuspended
50%
1112.12.201212.01.2017 Task Description

For example, say I no longer want 1.1, 0.9.9.8, 1.0.0, etc. So want to merge them all into one version 1.0. Same goes for OS, and others

1856Backend/CoreBug ReportMediumWrong timezonesResearching
0%
1127.03.201306.03.2015 Task Description

Hello,
when selecting timezone in user profile, it only offers offset based timezones. It should offer timezones like "Europe/Prague", instead, because in summer it is UTC+2 and in the winter UTC+1. Also UTC is the same as GMT.

Using offsets will cause invalid future and past times when crossing daylight saving or when something other changes.

Adding daylight checkbox is not enough and will cause additional troubles. Just use names and store them as ENUM in database, not offset. This problem is pretty complicated and the only solution is to use names and let libraries to solve it for you.

Thank you.

1861Backend/CoreBug ReportMediumLogin-Page should redirect after login to the page, the...Confirmed
30%
1.1 devel3112.04.201320.08.2015 Task Description

When some url to a bug is redirected to the login page, because the user does not have the right to see the bug without login, the user should be redirected after the login to the url he wanted to see.

Maybe redirect to /login/?next=/task/X and put the next-url in a hidden field in the login-form, so flyspray can redirect to the correct page after login.
Even preserving anchor-urls (#comment-YYYY) would be cool, but i guess this needs Javascript to work.

1875Backend/CoreFeature RequestMediumAbility to mark project as completedMaybe
20%
1.1 devel6126.09.201312.10.2015 Task Description

Currently projects in Flyspray are active or set inactive.

It will be great to archive project if finished or abandoned. In this case it will not be shown in project overview page and project navigation combo.

1882EmailBug ReportMediumError with email notificationPlanned
0%
2.0622.12.201308.04.2016 Task Description

Hello,

First of all, thanks for this great tool, very user friendly.
I'm informing you as requested ("This should never happend, please inform Flyspray Developers" :)) because I'm getting this error message:

[Completely unexpected exception: Connection could not be established with host http://ssl0.ovh.net/ [php_network_getaddresses: getaddrinfo failed: Name or service not known #0]
This should never happend, please inform Flyspray Developers]

I set up the SMTP configuration (SSL) with information provided.

Enclosed in PHPinfo configuration, if it helps.

Thanks

1960Backend/CoreBug ReportMediumforeign key relations between versions and tasksNew
0%
209.03.201513.08.2015 Task Description

It seem that when deleting a version entry in a project, that tasks that have this version assigned are still connected to this deleted version. For example FS#1222 (on 2015-03-09).

There are several options to solve such things:

  • Deny deletion of version as long as tasks assigned to this project version.
    • Either by doing a testing SQL query to check this case coded in PHP. Take care to keep this centralized, must also be respected by an eventually later added Flyspray API (XMLRPC or whatever).
    • add SQL foreign key constraints with ON DELETE RESTRICT
      • Pro: some business logic can be directly enforced by SQL.
      • Cons: higher requirements for hosting, if using mysql innodb tables must be available on the hosting
  • Move the tasks of this version to a default fallback version before deleting the version tag.
    • Either doing one transaction doing : 1. move the tasks to its fallback version, 2. delete the version
    • add SQL foreing key constraint with ON DELETE SET $fallbackversionid. Some pros & cons like on the the denying option.

The same for other assignments for tasks.

This issue is similiar to the massop issue: (https://github.com/Flyspray/flyspray/issues/130)

1980User InterfaceFeature RequestMediumTasklist - PDF ExportMaybe
0%
2.0119.03.201526.05.2016 Task Description

Hello,

First of all, thanks for this great tool.
Can you please add also PDF export for Tasklist?

Thank You.

1987APIFeature RequestMediumREST API to get metrics from flyspray projectsUnconfirmed
0%
229.03.201506.10.2015 Task Description

I need metrics for flyspray projects about a rest api. For example the count of issues for status, priority. I want use this values for my code analysis system http://www.sonarqube.org/ and other internal tools. It is possible to create a rest api with user authorization and only for metrics data?

1988Installer and UpgraderBug ReportMediumPassword Field for AdminUnconfirmed
50%
302.04.201512.05.2015 Task Description

The installer requests a password for the admin account, and provides a default one.

Because this field is not type=”password”, the browser caches this data for any field named “admin_password”

This also applies to future installations of the software.

I have marked this as critical as this can pose a security hazard. A different implementation would be allowing entry of password, or in the case of wanting to provide a default one, have two password fields prepopulated, and a text one prepopulated so that it can be viewed by the end user.

1991User InterfaceFeature RequestMediumAbillity to drill into progress graph from toplevel vie...New
0%
17.04.201524.04.2015 Task Description

From the overview view for a project the progress charts should be large and show dates so can have a better sense for absolute progress and then when click it should see it full size going back to start of project and showing dates.

1999JabberFeature RequestMediumjabber xmpp configurationNew
0%
8122.06.201511.02.2017 Task Description

There should be some help at the configuration sections for setting up jabber/xmpp notifications.

How someone can test it?

Must the admin setup his own jabber/xmpp server or are there recommended servers?

I registered with psi+ instant messager as peterdd@ubuntu-jabber.de at ubuntu-jabber.de for testing
and configured it here in my account too, but got no jabber messages.

Email notifications works and I set up both sending.

2012Backend/CoreFeature RequestMediumManaging TagsNew
60%
1.1 devel418.07.201512.11.2015 Task Description

Tags can only be added on the "new task" page, not managed on the "edit task"-page.

2016User InterfaceTODOMediumheading and h1, h2, h3New
0%
1.1 devel23.07.201523.07.2015 Task Description

We should change the document logic a bit here. For public projects search engines like well structured pages more then others. And we get a consistent structure too in future for Flyspray.

This I have in mind

Project area name ("All Projects" or "Project name")

  • Currently: h1-tag
  • My wish: not a h1-tag anymore here

Admin setting / Project setting pages, title of the sub pages

  • Currently: h3-tag!
  • My wish: h1 tag

Section names in these pages

  • Currently: h4-tags
  • My wish: h2 tags, subsubs then h3,...

Task view page

Task name=summary

  • Currently: h2 tag
  • My wish: h1 tag

Task descriptions then can use structuring their task description starting as h2,h3,h4 (done by dokuwiki renderer for example)

Toplevel project overview /dashboard

  • Currently: h2 for each project name
  • My wish:
  • * keep h2 for each project name
  • * h1 for the page heading (maybe hidden by css)

New Task page

  • Currently: h2 for summary and tags. Wrong logical nesting!
  • My wish: drop the h2 for form field labels

Reports page

  • Currently: h3 tag
  • My wish: h1 tag

Roadmap page

  • Currently: h3 tag for each milestone
  • My wish:
  • * h2 tag for each milestone,
  • * h1 tag for heading (maybe hidden by css)

MyProfile page

  • Currently: h3 tag for each section
  • My wish:
  • * h2 tag for each section
  • *h1 tag for heading (maybe hidden by css)

(Sure the theme.css must be adapted to this change.)

2019User InterfaceFeature RequestMediumtitle -tag Waiting on Customer
0%
1.1 devel26.07.201526.07.2015 Task Description

I vote for removing $fs->prefs['page_title'] from title-tag.

Comments welcome!

Explanation:

When the user has many open flyspray tabs, he cannot distinguish them at the first look, because the tab header is filled with redundant information of the systemwide 'page_title' name.

But the browsers also show the favicon.ico of the website (BTW: we need a better one, with some color - and the big webapp icons too for iPhone & co..)
So the user has indication that the tab is a flyspray tab and the page_title text is redundant and wasted space there.

Also search engines could better represent search results if they group together the results from one website. (google shows most relevant pages together if google is sure the whole website is the best search result for the search query (ranked #1)

flyspray> grep -r 'setTitle' *
includes/class.tpl.php:    public function setTitle($title)
index.php:$page->setTitle($fs->prefs['page_title'] . $proj->prefs['project_title']);
scripts/lostpw.php:$page->setTitle($fs->prefs['page_title'] . L('lostpw'));
scripts/newtask.php:$page->setTitle($fs->prefs['page_title'] . $proj->prefs['project_title'] . ': ' . L('newtask'));
scripts/register.php:$page->setTitle($fs->prefs['page_title'] . L('registernewuser'));
scripts/details.php:$page->setTitle(sprintf('FS#%d : %s', $task_details['task_id'], $task_details['item_summary']));
scripts/depends.php:$page->setTitle(sprintf('FS#%d : %s', $id, L('dependencygraph')));
scripts/index.php:$page->setTitle($fs->prefs['page_title'] . $proj->prefs['project_title'] . ': ' . L('tasklist'));
scripts/admin.php:        $page->setTitle($fs->prefs['page_title'] . L('admintoolboxlong'));
scripts/gantt.php:$page->setTitle($fs->prefs['page_title'] . $proj->prefs['project_title'] . ': ' . L('gantt'));
scripts/roadmap.php:$page->setTitle($fs->prefs['page_title'] . L('roadmap'));
scripts/pm.php:        $page->setTitle($fs->prefs['page_title'] . L('pmtoolbox'));
scripts/reports.php:$page->setTitle($fs->prefs['page_title'] . L('reports'));
scripts/myprofile.php:$page->setTitle($fs->prefs['page_title'] . L('editmydetails'));
scripts/toplevel.php:$page->setTitle($fs->prefs['page_title'] . $proj->prefs['project_title'] . ': ' . L('toplevel'));
scripts/newmultitasks.php:$page->setTitle($fs->prefs['page_title'] . $proj->prefs['project_title'] . ': ' . L('newtask'));
scripts/user.php:$page->setTitle($fs->prefs['page_title'] . L('viewprofile'));
2020JabberFeature RequestMediumFunction to test jabber/xmpp configuration New
0%
1.1 devel1131.07.201519.09.2015 Task Description

The flyspray admin users should be able to test their jabber/xmpp configuration, check if sending jabber notification is working and if not, give useful error messages back, so the user is able to fix the configuration.

2028Text RenderingBug ReportMediumupgrade dokuwiki 'plugin'New
0%
12.08.201520.08.2015 Task Description

I see php deprecation notices with php 5.6+ from the geshi syntax highlighter plugin of dokuwiki plugin sometimes. (seems to be go away on the second view, so probably not seen on cached views)

It can't be found easy with

grep -r preg_replace | grep '/e'

Because the preg_replace modifiers are added dynamic depending on the target programming language. At least in the version we have in flyspray.

2042Backend/CoreBug ReportMediumfunction absoluteURI not using basedir and force_basedi...Unconfirmed
0%
3104.09.201501.10.2015 Task Description

public static function absoluteURI($url = null, $protocol = null, $port = null)
in
class Flyspray

not using basedir and force_basedir from configuration file

its problem because my web-server inside have port 7777 and outside 80 (nginx and PHP-FPM)

please fix it

2047User InterfaceFeature RequestMediumInserting images/screenshots from bufferUnconfirmed
0%
2104.09.201529.09.2015 Task Description

Good if adding functional about easy way for insert screenshots to task

2049Backend/CoreFeature RequestMediumDisplay login page or customizable page to anonymous us...Unconfirmed
0%
209.09.201504.04.2016 Task Description

Currently, if there are no public project, the anonymous users gets a blank page not very useful. It will be a good idea to have a global configuration parameter to display some customizable-page or maybe the login form instead.

2065User InterfaceFeature RequestMediumOne click signup (with facebook, twitter , Google, yaho...Unconfirmed
50%
1109.10.201503.03.2016 Task Description

Hello,

I wanted to request a feature that will DRAMATICALLY increase the popularity and the usage of flyspray worldwide which is :

One click signup

This can be done by using existing signup solutions like openID, live.com, Google, Facebook ,twitter, Yahoo, gravatar (these are the most universal according to http://www.alexa.com/topsites)

The goal is to give a new user the possibility to sign up in less than 15 sec (and mention this in the signup page)
2066Installer and UpgraderFeature RequestMediumAutomated site update (like Wordpress)Unconfirmed
0%
209.10.201510.10.2015 Task Description

All is in the title

vote for this task please

2069Backend/CoreFeature RequestMediumImprove password security by adding PBKDF2/bcrypt suppo...New
0%
6114.10.201527.06.2016 Task Description

For password hashing, PBKDF2 & bcrypt are both more secure than md5 and sha1 (even salted).

My suggestion is to replace the default md5 hash method with bcrypt (set the default work factor to 6).

I am a PHP developer and I’d like to help with this improvement.

2078User InterfaceBug ReportMediumlayout of requested close on small displaysNew
0%
1.026.10.201529.10.2015 Task Description

currently absolute positioning overlapping deny button and not full visible

Possible better solution:

  • cssbased toggle
  • left:50%; width:300px;margin-left:-150px;margin-top:50px;
2085Text RenderingInformationMediumEnabling Color Coding options in CKEDITORUnconfirmed
0%
130.10.201530.10.2015 Task Description

Hi

So I figured out that there are no color coding options (to set text color and background color) for text in the CKEDITOR. I did some changes to CKEDITOR to add those, however, once I submit the text, it does not retain the changes.

Is there a particular reason why these are not enabled in the first place?

I am thinking it would be good add these, so that we can make the important text pop-out to the users.

- Raju

2088Backend/CoreBug ReportMediumError when trying to add task with dokuwikiUnconfirmed
0%
406.11.201510.11.2015 Task Description

Steps to reproduce:

  1. install Flyspray 1.0 beta 2 on Turnkey Linux LAMP Stack 14.0 - this is Debian 8 (Jessie), PHP Version 5.6.13-0+deb8u1, see attached phpinfo.htm
  2. run Flyspray setup by navigating to Flyspray install dir in browser
  3. manually run curl / composer as suggested by setup
  4. set write permissions on attachments, cache, and newly created empty flyspray.conf.php
  5. allow FS to create new DB (”flyspraytest”)
  6. rename setup dir at end of setup
  7. navigate to Flyspray install dir in browser
  8. click “add new task”
  9. enter summary and description
  10. click “add this task”

Observed behavior:

Empty web page except for the following output, and task is not created:

Fatal error: Cannot redeclare class DokuHTTPClient in /var/www/flyspray-1.0-beta.2/plugins/dokuwiki/inc/HTTPClient.php on line 20 
Call Stack: 
0.0000 276512 1. {main}() /var/www/flyspray-1.0-beta.2/index.php:0 
0.0067 1874152 2. require_once('/var/www/flyspray-1.0-beta.2/scripts/details.php') /var/www/flyspray-1.0-beta.2/index.php:194 
0.0109 1947272 3. TextFormatter::render() /var/www/flyspray-1.0-beta.2/scripts/details.php:145 
0.0109 1948656 4. call_user_func:{/var/www/flyspray-1.0-beta.2/includes/class.tpl.php:687}() /var/www/flyspray-1.0-beta.2/includes/class.tpl.php:687 
0.0109 1949040 5. dokuwiki_TextFormatter::render() /var/www/flyspray-1.0-beta.2/includes/class.tpl.php:687 
0.0112 2223680 6. require_once('/var/www/flyspray-1.0-beta.2/plugins/dokuwiki/inc/common.php') /var/www/flyspray-1.0-beta.2/plugins/dokuwiki/dokuwiki_formattext.inc.php:17 
0.0113 2248136 7. require_once('/var/www/flyspray-1.0-beta.2/plugins/dokuwiki/inc/io.php') /var/www/flyspray-1.0-beta.2/plugins/dokuwiki/inc/common.php:11 
0.0113 2285584 8. require_once('/var/www/flyspray-1.0-beta.2/plugins/dokuwiki/inc/HTTPClient.php') /var/www/flyspray-1.0-beta.2/plugins/dokuwiki/inc/io.php:11 
2097User InterfaceBug ReportMediumUrl incorrect for view attachementUnconfirmed
0%
10116.01.201602.03.2016 Task Description

I’m using URL rewriting…

If I click on the link, the picture doesn’t appear.

https://flyspray.xxx.fr/task/27?getfile=8

It’s ok in task history. The right URL is

https://flyspray.xxx.fr/?getfile=8

.

2098User InterfaceBug ReportMediumAttached image cannot be downloadedConfirmed
50%
1.1 devel530.01.201610.01.2017 Task Description

Steps:

- Attach an image to a task.
- It shows as a link in your task (cf. screenshot “Screenshot from 2016-01-29 18-34-31.png”).
- Click on the link.

Result: it opens a “popup” with the image displayed in it. If the image is big, the popup is just so huge the image is not visible without boring horizontal and vertical scrolling (see “Screenshot from 2016-01-30 15-07-26.png” which shows what I see when I click the image link on my task).
I can’t even right click to download from the menu since I see no “Save Image As” item. (see Screenshot-no-save-image-in-menu.png).

My workaround was that if I drag and drop the attachment link in the address bar, I finally get the expected image, which I can finally save as! This workaround was hard to find, and I expect most people will just get frustrated of being able to view an image attachment, yet not save it locally.

I proposes the following:
- a small “download” icon next to the image link in the task for direct download (without preview).
- a “download” link/icon on the top-left of the image display popup (to download while previewing).

And as a side feature (maybe I should make a separate report?), I suggest that by default the image display popup constrains the image to the screen size, with a “see real size” link, so that you don’t get the popup with huge scrolling when opening a big image on a smaller screen.

Note: of course this issue does not appear with non displayable attachment. If I have a zip or a document, it proposes me to download it directly.

2102Backend/CoreBug ReportMediumstrict ordering of tags required New
0%
1.0219.02.201618.07.2017 Task Description

When saving the tag list at admin and project area, the ordering of the tags must be recalculated.

So it is not more legal to have a list ordering like (0,0,0,1,3,4,7)

That should be recalculated and stored as (1,2,3,4,5,6, 7) (or 0,1,2,3,4,5,6)
currently in file includes/modify.inc.php

Why?

The SQL for the tasklist uses currently GROUP_CONCAT (and a equivalent syntax for postgres) that groups by list_tag.list_position.
Well, we could just ‘group by’ the tag_id too, but with list_position value we can show the most important tags first.

3 times, and that 3 result fields must be in the same order. (tag id, tag name, tag class field)

Also that sql-query part there needs a little modification, but first fix that strict ordering.

Alternative

Don’t use group_concat() or similiar for list_tag.tag_name or list_tag.class. Instead load an indexed array once per http request and only when needed.

For instance as function within class.flyspray.inc.php:

        /**
         * load all tags into array
         *
         * compared to listTags of class project, this preloads all tags in flyspray database
         * ideally maximal called once per http request, then using the array index for getting info
         *
         * @return array
         */
        public static function getAllTags()
        {
                global $db;
                $at=array();
                $res = $db->Query('SELECT tag_id,project_id,list_position,tag_name,class,show_in_list FROM {list_tag} ORDER BY list_position ASC');
                while ($t = $db->FetchRow($res)){
                        $at[$t['tag_id']]=array(
                                'project_id'=>$t['project_id'],
                                'list_position'=>$t['list_position'],
                                'tag_name'=>$t['tag_name'],
                                'class'=>$t['class'],
                                'show_in_list'=>$t['show_in_list']
                        );
                }
                return $at;
        }

in scripts/index.php in function tpl_draw_cell():

function tpl_draw_cell($task, $colname, $format = "<td class='%s'>%s</td>") {
  global $fs, $db, $proj, $page, $user, $alltags;
...
  case 'summary':
...
    if($task['tagids']!=''){
                        # if global $alltags are yet undefined, preload the tags now.
                        if(!is_array($alltags)) {
                                $alltags=$fs->getAllTags();
...
 foreach($tagids as $tagid){
                                $tgs.='<i class="tag t'.$tagid
                                        .(isset($alltags[$tagid]['class']) ? ' ' .htmlspecialchars($alltags[$tagid]['class'], ENT_QUOTES, 'utf-8') : '').'" title="'.htmlspecialchars($alltags[$tagid]['tag_name'], ENT_QUOTES, 'utf-8').'"></i>';
                        }
Showing tasks 1 - 50 of 265 Page 1 of 61 - 2 - 3 - 4 - 5 - Last >>

Available keyboard shortcuts

Tasklist

Task Details

Task Editing