Flyspray

This is the Bug Tracking System for the Flyspray project. This is not a demo!

2021-04-23: Flyspray 1.0-rc10 released See https://github.com/Flyspray/flyspray/releases

If you are upgrading from older version, please wait for 1.0-rc11.

2021-11-23: New user registration and password forgotten currently not working on bugs.flyspray.org due email server problems. peterdd

ID Category Task Type Severity Summary Status Progress Assigned To  desc Due In Version Opened Last Edited
2063Backend/CoreFeature RequestVery Lowshow closed/open usage count on do=pm&area=XXXNew
10%
peterdd129.09.201525.03.2021 Task Description

Currently on

  • do=pm&area=cat
  • do=pm&area=version
  • do=pm&area=os
  • do=pm&area=resolution
  • do=pm&area=status
  • do=pm&area=tags
  • do=pm&area=tasktype

a count of usage in tasks is shown for every property.

Interesting would be if the counter shows the count for open/closed tasks on each row.

2316Backend/CoreBug ReportLow"wrongtoken" is displayed if the comment box is left si...Assigned
0%
peterdd7122.11.201629.07.2019 Task Description

I understand this is likely due to some sort of XSS CSRF protection, but the delay doesn’t appear to be long enough to be useful for a lengthy comment to be posted. I’ve now lost two detailed comments in our tracker because the software threw everything out and generated a meaningless error.

Further, attempting to do the normal thing and making the browser resubmit the page results in Flyspray throwing “Error #3” something something repeated action and causing a redirect to the homepage.

Surely there has to be a better way to handle this that doesn’t incur data loss?

2559Backend/CoreBug ReportLowa duplicate close accepted even when missing comment/ r...New
0%
peterdd29.07.201929.07.2019 Task Description

Closing a task with selected close reason duplicate should warn when there is no comment or FS # id is given in the close comment text field.

The task is closed as duplicate without any further notice. The information to which task it is duplicate or a description (if the problem is logged/handled outside Flyspray) is lost.

Possible solutions

Frontend hints

  • variant F1 (soft): When duplicate as close reason is selected, a placeholder attribute in the close comment text field could be shown/updated. (maybe as ‘css only’ possible)
  • variant F2 (harder): Deny sending the form if duplicate selected, but comment text field is empty. and shows warning info. (javascript required, nojs browsers still send form.)
  • variant F3 (hard): Deny sending the form if duplicate selected and no task id detected in comment text field. and shows warning info. (javascript required)

Backend deny

  • variant B1 (soft): When request wants close a task with duplicate reason and (cleaned) comment string is empty, deny closing the task and give feedback to user why it was denied.
  • variant B2 (hard): It requires detecting a task id in the comment field and the first detected task id is taken for referencing as ‘is duplicate of’. Limitation of this is that the duplicate could be also a ticket or something of a complete other system.
2573Backend/CoreTODOLowadd rel nofollow,ugc,.. settingsNew
20%
peterdd114.09.201915.09.2019 Task Description
  1. Find a good configuration name just reuse relnofollow as used by dokuwiki
  2. Find a good translation keyword for that config relnofollow
  3. Find a good translation keyword for config description (title attribute)

Goes into prefs table as it is sitewide configuration.

As first implementation a simple checkbox should be ok. Should be on the tab with other spam handling stuff like captcha configuration.

Is enabled by default (1).
Adapt setup xml files, upgrade procedure.


	
2598User InterfaceBug ReportLowuser registration in admin area: "username taken" but t...Assigned
0%
peterdd1.0320.03.202014.04.2021 Task Description

Trying to add a new user having the same email address as an another user in the do=admin&area=newuser section results in

“That username is already taken. You will need to choose another one.”

instead of

“Email address has already been taken”

(I’ve stumbled on this issue because I have an older disabled user with the same email address)

2620Backend/CoreTODOMediumPHP8 compatibilityNew
50%
peterdd226.11.202017.08.2021 Task Description

PHP 8.0 is now released (2020-11-26) and Flyspray should be made compatible with it.

  • Replace removed and deprecated functions with alternatives in our source code.
  • Upgrade used libraries or make used libraries compatible:
    • post github issue or pull requests for ADODB
    • upgrade used dokuwiki or make changes in our integration (probably just review our as official dokuwiki project contains too much stuff we do not need and changed much)
    • review used geshi
    • upgrade our swiftmailer version to PHP8 compatible version
    • upgrade our oauth2-client stuff to PHP8 compatible version
  • The @ operator no longer silences fatal errors. Some checks in installer or other areas might not work anymore as expected when the @-operator was used as silencer for previous PHP versions.
2625User InterfaceTODOLowavoid password manager popups in admin prefs areaNew
0%
peterdd110.02.202110.02.2021 Task Description

We must teach browsers not to use some input fields in the admin prefs area to offer to store it in their password manager.

Steps to reproduce:

  1. Login with Firefox as admin into Flyspray. (Maybe other browsers behave same)
  2. Go to admin prefs area (top right gear icon)
  3. Click link somewhere else (so leaving admin prefs page)
  4. Firefox browser pops up password manager as it detected some password input fields on admim prefs setting page. But in this case this is not wanted.

Either by using different input field names where the browser does not assume it is a login password field or find input field attribute to tell them.

auto-complete="off"

is not working anymore in browsers for password fields.

webbrowser: Firefox 85.0.2

Popup probably triggered by the password fields for configuring Email and XMPP notification: smtp_pass and jabber_password input fields. Firefox heuristic is too stupid to detect that these are for server configuration, not user login fields!

Neither

autocomplete="new-password"

nor

autocomplete="one-time-code"

attribute helped.

Stubborn Firefox ..

2636Installer and UpgraderBug ReportHighFailure to upgrade 1.0-rc9 to 1.0-rc10 (mariadb 10.4.18...Assigned
50%
peterdd1.0-rc11729.04.202123.07.2021 Task Description

I administer a moderate-sized (~14K ticket) 1.0-rc9 instance running on a Fedora 32 host (php 7.4.16, mariadb 10.4.18) Following the upgrade instructions (ie transfer attachments, avatars, flyspray.conf.php) the setup/upgrade tool loads, and prompts me to upgrade.

It churns a while before refreshing the screen, claiming a successful 1.0-rc10 upgrade. However, the upgrade seems to not actually “stick”, because clicking on the “return” button I’m dropped back into the upgrader, which is once again claiming I’m running 1.0-rc9 and prompting me to perform the -rc10 upgrade.

According to Flyspray’s admin ‘checks’ tab:

* PHP 7.4.16
* MariaDB 10.4.18
* default_charset: utf8mb4
* default_collation: utf8mb4_unicode_ci
* All tables are ‘InnoDB’

There are no errors logged that I can find, but the upgrade is clearly not working. If I revert to the -rc9 php files, everything continues along as if nothing was done.

Any suggestions?

2637Installer and UpgraderBug ReportHighFailure to upgrade 1.0-rc9 to 1.0-rc10 (postgresql 12.6...Assigned
50%
peterdd1.0-rc11729.04.202105.05.2021 Task Description

I administer a small personal (<1K ticket) 1.0-rc9 instance running on a Fedora 32 host (php 7.4.16, postgresql 12.6) Following the upgrade instructions (ie transfer attachments, avatars, flyspray.conf.php) the setup/upgrade tool loads, and prompts me to upgrade.

Unfortunately, the upgrade fails spectacularly, with a reported SQL error that belies what’s actually wrong. Here’s a snippet from the postgresql logs where the upgrade is failing:

2021-04-28 10:33:07.190 EDT [2032049] ERROR: column “attachment_id” of relation “flyspray_attachments” already exists
2021-04-28 10:33:07.190 EDT [2032049] STATEMENT: ALTER TABLE flyspray_attachments ADD COLUMN attachment_id SERIAL
2021-04-28 10:33:07.194 EDT [2032049] ERROR: current transaction is aborted, commands ignored until end of transaction block
2021-04-28 10:33:07.194 EDT [2032049] STATEMENT: ALTER TABLE flyspray_attachments ADD COLUMN task_id INTEGER
[…and everything else fails because the transaction aborted…]

It appears that the upgrade script is blindly trying to create columns that already exist in the -rc9 database, and postgresql is treating this as a failure. Because the entire upgrade happens within one transaction, this means the entire upgrade fails at the outset and won’t ever succeed.

The way past this specific problem is to make these ALTER TABLE operations conditional (eg “ALTER TABLE flyspray_attachments ADD COLUMN IF NOT EXISTS task_id INTEGER”).

2639JavascriptBug ReportMediumUnable to "deny" a pending requestResearching
0%
peterdd712.05.202113.06.2021 Task Description

My project has 37 pending requests. Each has a set of Accept / Deny buttons next to it.

If I click on Deny, a textbox pops up for me to enter “Reason for denial” but the entire page immediately regreshes/reloads back to the task list before I have a chance to enter the reason and submit it.

I can always “Accept” the request implicitly by going to the appropriate task and closing/re-opening it, but there’s no way to “deny” something without going through this UI path.

2660Backend/CoreBug ReportLowmention an user with "_" does not work: @user_testConfirmed
30%
peterdd1.0-rc11829.10.202208.11.2022 Task Description

@peterdd: It is not possible to tag the user, for example, @user_test.

It is stopped before “_”.

change by @peterdd: quickfix is now in master branch

2668Backend/CoreBug ReportHighCKeditor update (CVEs)Unconfirmed
10%
peterdd1.0-rc11202.11.202208.11.2022 Task Description

It is possible to update CKeditor?

Currently it is 4.16:
- https://github.com/Flyspray/flyspray/blob/master/js/ckeditor/CHANGES.md

Vulnerabilities / CVEs:
- https://www.cvedetails.com/vulnerability-list/vendor_id-12058/Ckeditor.html

There are at this time:
- 4.20: https://github.com/ckeditor/ckeditor4/tags
- 35.2.1: https://github.com/ckeditor/ckeditor5/tags

2669Database QueriesBug ReportLowuser and registrations tables: Illegal mix of collation...New
50%
peterdd1.0-rc11107.11.202208.11.2022 Task Description

The ajax call to check if a username is taken fails currently on https://bugs.flyspray.org when trying to fill the user registration form.
(beside the fact the registration confirmation loop is not working as mail server not correct configured)

Query {
    SELECT count(u.user_name) AS anz_u_user, count(r.user_name) AS anz_r_user
    FROM `flyspray_users` u
    LEFT JOIN `flyspray_registrations` r ON u.user_name = r.user_name
    WHERE LOWER(u.user_name) = ? OR LOWER(r.user_name) = ?}
 failed! (Illegal mix of collations (utf8_general_ci,IMPLICIT) and (utf8_unicode_ci,IMPLICIT) for operation &#039;=&#039;

Inconsistency probably due misconfiguration due manual upgrade + manual changes to the database.

Affected: maybe only https://bugs.flyspray.org

I fixed it on bugs.flyspray.org by running SQL commands:

ALTER TABLE flyspray_registrations CONVERT TO CHARACTER SET utf8mb4;

and

ALTER TABLE flyspray_users CONVERT TO CHARACTER SET utf8mb4;

Both now using the servers default collation, so they can be joined again by boths user_name field.

This can be seen as just a quickfix.

Why this happened at all?

I can only speculate about this as I can do some administration only since 2021.

I assume the defaults of mysql tables charsets and collation changed with mysql/mariadb versions and the upgrade scripts does not explicit handle that.

So lets say first it was utf8 and utf8_general_ci,
then utf8 and utf8_unicode_ci
and then utf8mb4 and utf8mb4_unicode_ci.

And when upgrading Flyspray and new tables where created they use the servers new default charset and collation while the older tables and varchar fields keep their old charset and collation which leads to inconsistencies.

And then there where probably manual interventions by admins (from 2003-2021?) who fixed/changed charset/collation on certain tables and fields manually by running SQL commands.

How it should be fixed

The Flyspray install and upgrade scripts and xmlschema03 files should contain information and settings for charset and collation for the table fields and upgrade scripts and should convert wrong charset and collation fields during an upgrade if they are wrong in the database.

Sadly ADOdb’s xmlschema03 lacks configuring and handling yet, so this must be done by the upgrade PHP scripts after running xmlschema03 xml files.

How it will be handled meanwhile

Extending Admin Toolbox→Checks sections to compare the current database with the intended configuration.

So admins can fix tables and field charset and collation where required.

Such inconsistency could be detected by admin checks - tab.

I would like to see that field users.user_name and registrations.user_name just be ascii (in mysql) and only accepts allowed username characters.

2601Public RelationsFeature RequestMediumhttp -> https missing redirection (19-04-09)Assigned
10%
Floelejudas_iscariote321.04.202025.09.2020 Task Description

From: https://groups.google.com/forum/?hl=en#!topic/flyspray/rAnks5y_uLk

19-04-09 // More one year ago.

There are not http → https redirections.

Only one example:
- http://www.flyspray.org/docs/download/ is not redirected to https://www.flyspray.org/docs/download/

Note: It is better to have the main website in https://flyspray.org/.

http://www.flyspray.org/ + https://www.flyspray.org/ + http://www.flyspray.org/ must be redirected to https://flyspray.org/

2657EmailBug ReportCriticalcurrently new registration emails are not received by u...Assigned
0%
Floelejudas_iscariote24.11.202124.11.2021 Task Description

Regardless if a gmail.com or other address (tested with my gmail and also other email address)

So this is probably a mail server problem. I try to reach server admin.

I can see my “unfinished registrations” tests in the admin→checks area, but received no emails (waited and checking spam folders too)

407Backend/CoreFeature RequestMediumPlugin systemConfirmed
0%
2.0261404.12.200417.01.2013 Task Description

Everything is currently hard-coded. Create a plugin system that allows a module to be simply "dropped into" a plugins/ directory, enabled in the options, and have the plugin just work.

Possibilities might include alternative methods of notification, perhaps a documentation subsystem, or even simple things like voting for tasks.

The user should NOT have to edit existing Flyspray source code to make a plugin work.

920User InterfaceFeature RequestLowCharts (gantt, severities, OSes, opened-closed, ...)Researching
10%
2.017906.05.200607.04.2021 Task Description

With all informations on flyspray, it’s possible to generate a gantt chart.
For this, some php code exists :
- http://www.aditus.nu/jpgraph/
- http://www.graphviz.org/
- http://www.phpclasses.org/browse/package/2737.html

1040User InterfaceFeature RequestLowClose Multiple Tasks at onceNew
30%
1.1 devel5317.08.200601.10.2015 Task Description

We don't close the tasks until the release is "made", that is we let them under "Requires Testing" with 100% complete. When the release/testing cycle is finished, somebody has to go task by task, and start closing them... it's a PITA ;)
It would be nice to have to option to select all the tasks you want to close, and that the "popup" when you enter the reason/etc, applied to all the tasks I selected...

I recall reading something about this in the past, but haven't found it; and if this is implemented, I haven't seen a way to do it in 099beta1

1134User InterfaceFeature RequestLowadd icon/image for each projectPlanned
0%
1.1 devel7329.11.200609.03.2015 Task Description

When we have several projects into flyspray, it's hard to see the project where I am when I add several tasks.
It's necessary to read the text.

To improve this, I think that it's a good idea if it's possible to add a color or an image with the logo project next to project title into web page. It will more simple to know where we are when we use flyspray.

1222Backend/CoreFeature RequestMediumWorkflow engine / Role-based State Transition Rules Eng...Unconfirmed
0%
11725.03.200705.05.2019 Task Description

I have been working with Eventum (http://www.mysql.org/downloads/other/eventum/) for quite sometime now and in contrast, I like Flyspray for its simplicity and practicality. But one thing I badly miss (and something that Eventum scores high) is a Workflow Engine. If not a sophisticated W.E., I (as an Admin / Manager) should be able define role-based state transition rules of the tasks reported in a particular project. For example, I should be able to implement the following scenario:

  1. For a “Developer”, the subsequent tasks from various states. Likewise for other roles
  2. “Developer” should not be able close out the bug reports. He/she can only flag them as implemented. The “Reporter” of the bugs or the “Manager” alone should be able to close out issues
  3. ..
  4. .. it will go on like that ;-)

This feature, in my opinion, is very crucial for corporate organizations to give a serious consideration to Flyspray.

1236User InterfaceFeature RequestLowMark Issue As Verified or UnverifiableUnconfirmed
0%
3409.04.200718.07.2016 Task Description

Currently, the Vote functionality provides users a way to say "this issue is important to me". In addition to that functionality, it would be great for users to have a "Verify" ability on open issues; it would provide users a way to say "yes, this happens to me as well".

A "Verified" label would fit nicely right under "Votes", to the right of the label would be "Yes | No", each option being a link. After clicking Yes or No, or if unable to specify (lack of permissions), the text would display "Yes - # | No - # (% verification)" where '%' is the result of ((Yes/(Yes+No))*100).

This feature should not show up on all issues, though. It does not make sense to "verify" a feature request or todo item, for example. When defining task types, the administrator would specify if a type was "Verifiable" by checking a box in a column next to "Show".

If implemented, two great, mini extra features would be:

  1. The ability for the administrator to set the number of "Yes" verifications an issue would need before it was elevated to the next priority, severity, or both (specified by the administrator).
  2. The ability for the administrator to set the number of "No" verifications an issue would need before it was lowered to the previous priority, severity, or both (specified by the administrator).

Both settings should have an option to be incremental (priority / status increased every x verifications) or not (increases once, no matter how many verifications are received); an "Incremental" checkbox would do nicely. Also, a little "Enabled" checkbox next to both settings would be clearer than having zero act as the disable mechanism.

As with voting, a permission should exist to enable or disable this option for a user group. For larger projects, moderators tasked with verifying bugs could be given the permission whereas smaller projects may leave verifications up to the community.

Lastly, a way to send a notification once the number of "Yes" verifications reached a certain value would also be a great addition.

1237Backend/CoreFeature RequestMediumAllow Multiple Owners Per CategoryPlanned
0%
2.04709.04.200710.08.2015 Task Description

Currently, only one owner can be applied per category (at least, that's what the tooltip implies). The ability to add more than one user, a user group, or a mix of the two to a category would be ideal.

Often times, more than one programmer will work on and maintain a feature that cannot be divided into subcategories with the various programmers dispersed accordingly. In such cases, setting all such programmers as owners of the category is beneficial in that they will all receive notifications.

Also, having a parent category's owner receive alerts if no owners are specified for a sub-category benefits from this ability. I may have a "User Interface" group that has all of my UI developers in it; assigning the group to the "User Interface" root category means all relevant developers find out about a new issue that was not directed elsewhere.

One potential conflict does arise with another Flyspray feature. If "Auto-assign a task to the category owner" is enabled, care must be taken to assign no users or the first user to the task; personally, I would prefer no one being assigned and seeing the wording changed to "Auto-assign a task to sole category owners". Worst case scenario would be another option asking if no one or the first user would be assigned to a task in that instance; if a group is specified, the first user in the group would be chosen.

1481User InterfaceFeature RequestLowDiff visualisationUnconfirmed
0%
4104.05.200809.03.2015 Task Description

Flyspray should be able to render attached patches visually like, for example, Bugzilla: https://bugzilla.wikimedia.org/attachment.cgi?id=4807&action=diff

1485User InterfaceFeature RequestLowAdditional extended Printview for the TasksPlanned
0%
2.013.05.200811.03.2015 Task Description

It would be useful to print a list of tasks in a extended version.
e.g. All tasks from a programmer with all the details of it.

1487AuthenticationFeature RequestLowLDAP(Active Directory) AuthenticationPlanned
40%
1.1 devel101121.05.200804.09.2019 Task Description

I have done a very quick bit of work to bring ldap (through active directory) authentication to flyspray for our implementation in the office. I hope it will be of use to others. There is a readme.txt inside talking through the process and the patch to apply. My plan is to expand on this and make it part of the setup process but this will take a bit longer.

1491User InterfaceFeature RequestLowCustom task table columns for individual usersUnconfirmed
0%
2.0301.07.200801.10.2015
1510NotificationsFeature RequestMediumFunction to test mail configuration Planned
40%
1.1 devel1329.10.200828.10.2015
1518NotificationsFeature RequestLowShow last date/time when a reminder was sentUnconfirmed
0%
15.11.200815.11.2008
1521Backend/CoreFeature RequestLowAssignees should be able to see and create reminders fo...Unconfirmed
0%
22.11.200818.04.2009
1539Backend/CoreFeature RequestLowSitemap.xml GenerationUnconfirmed
0%
2.12112.01.200911.03.2015
1608Installer and UpgraderBug ReportLowreserved characters cause database error after installa...Unconfirmed
0%
2.107.10.200903.03.2013
1612Backend/CoreFeature RequestLowAllow Comments by anonymous UsersUnconfirmed
0%
2.02120.10.200917.01.2013
1628NotificationsFeature RequestLowGlobal Notification addressUnconfirmed
0%
2.0125.02.201017.01.2013
1670User InterfaceFeature RequestLowAssign Key-Shortcuts to form fieldsUnconfirmed
0%
04.12.201004.12.2010
1671Database QueriesFeature RequestLowAbility to extract CSV, or ExcelPlanned
50%
1.1 devel4318.12.201008.10.2017
1673Backend/CoreBug ReportHighOnly white screen after upgrade to 1.0 - reasonsConfirmed
10%
1.1 devel31412.01.201117.08.2016
1720Backend/CoreFeature RequestLowBetter Access Control Lists and User / Group ManagementPlanned
0%
1.1 devel301.05.201220.03.2015
1734Backend/CoreBug ReportLowAdd Timezone Selection to Admin PanelMaybe
0%
2.0112.05.201207.03.2015
1736User InterfaceFeature RequestLowBe able to add colors for Task StatusesPlanned
50%
1.1 devel516.05.201215.10.2015
1737JavascriptTODOLowJavascript OverhaulNew
10%
1.1 devel6125.05.201217.04.2021
1749User InterfaceBug ReportLowSubmit form buttons on lower rightUnconfirmed
50%
117.06.201224.09.2015
1751Backend/CoreFeature RequestMediumDefault to show all in Event LogConfirmed
20%
1.1 devel1120.06.201209.02.2016
1753Backend/CoreFeature RequestMediumUsergroup Restriction: Only View SummaryConfirmed
0%
1.1 devel4220.06.201227.06.2016
1760Backend/CoreFeature RequestLowColumn 'last commenter' in tasks list viewMaybe
0%
2.01227.07.201225.10.2016
1766Backend/CoreFeature RequestLowAllow users to choose their favourite themePlanned
0%
2.01116.08.201204.08.2015
1772Backend/CoreFeature RequestLowDifferent kinds of votesMaybe
0%
2.01123.09.201209.03.2015
1774Backend/CoreFeature RequestLowEmail LayoutMaybe
0%
2.011.10.201220.07.2015
1782Backend/CoreFeature RequestLowCustom fields on taskPlanned
0%
2.033327.11.201207.01.2020
1783NotificationsFeature RequestMediumCreate account for non-logged user automaticallyPlanned
0%
2.027.11.201207.03.2015
1791Backend/CoreFeature RequestMediumAbility to merge version, OS, etcSuspended
50%
1112.12.201212.01.2017
Showing tasks 1 - 50 of 326 Page 1 of 7

Available keyboard shortcuts

Tasklist

Task Details

Task Editing