Flyspray - The bug killer!

This is the Bug Tracking System for the Flyspray project. This is not a demo!

2019-04-22: Flyspray 1.0-rc9 released See https://github.com/Flyspray/flyspray/releases

ID Category Task Type Severity Summary Status Progress Assigned To  desc Due In Version Opened Last Edited
2598User InterfaceBug ReportLowuser registration in admin area: "username taken" but t...Assigned
0%
peterdd1.0-rc10320.03.202027.03.2020 Task Description

Trying to add a new user having the same email address as an another user in the do=admin&area=newuser section results in

“That username is already taken. You will need to choose another one.”

instead of

“Email address has already been taken”

(I’ve stumbled on this issue because I have an older disabled user with the same email address)

2585User InterfaceTODOMediumUpgrade CKEditor to 4.13New
0%
peterdd02.12.201917.02.2020 Task Description

To fix some other open tasks, an update of the CKEditor4 files is probably the best way.

Starting with CKEditor4 ‘Basic’ preset, evaluate every additional Plugin before adding them to the config.

Because the selection of plugins starts with the ‘Basic’ preset, some configs are disabled in the resulting config.sys like the ‘Strike’ button or the Copy/Paste functionality.

I am also evaluating the possibilities to make some of the options configurable within the Flyspray configuration. It is probably required to analyze if a setting applies to only CKEditor syntax or would be also by used for installs using dokuwiki syntax/engine.

I can also imagine enable/disable features based on Flyspray user permissions. (but that requires not only CKEditor config, but also server side changes like HTMLpurifier settings.)

Languages

Just choose all languages available in the CKBuilder.

Probably we need to adjust the CKEditor to use the users Flyspray language settings too. I changed my language to french in a test install but the CKEditor still shows german user interface. (probably detected by browser http request headers)

Compare that the used language abbreviations work together between files in lang/ of Flyspray and that of CKEditors. (Flyspray: lang/pt_br.php vs. CKEditor: js/ckeditor/lang/pt-br.js)

Theme selection

Probably use a CKEditor source maintained Moona-Lisa or Moona as these are easier to modify their color themes like auto light/dark mode browser detection or base colors that match the theme.

Moona Color currently has issues and not maintained by CKEditor guys.

Plugins

The previous contained CKEditor 4.4.7 probably hat the standard preset used.

Following I keep track of plugins we should add to the basic preset. This list is growing/edited until the final config that ships with Flyspray is found.

Mentions

This would enable choosing a user by their username, like @peterdd.

Requires writing an extra php file for retrieving a matching list of users, that respects current user permissions and status of users (like not fetch disabled users).
This extra php file could be also used for the editor textareas with a dokuwiki toolbar.

Auto Grow

This is just a promising usability improvement. No scrollbars needed when writing longer texts.

Turns just typed urls like https://www.flyspray.org into real links (like dokuwiki does it when rendered on page.)

Baloon Toolbar

This just sound like a promising usability improvement. Not tried yet. Only add when there is use case (other plugins usability profit from it) for Flyspray.

Blockquote

Probably required because existing Flyspray installs had it too and citing a comment/text snippet should be also able.

Code Snippet

Probably requires deeper look how secure integrate with server side cleanup (HTMLpurifier).

Format

h1-h6 and other tags. Probably required as previous Flyspray versions used that too. (TODO: What happens to old content with h1-h6 tags when editing with a CKEditor without the Format plugin?)

Also configure it to accept only tags useful for within Flyspray. (see also server side configuration of HTMLPurifier)

Remove Format

Existing Flysprays had this too and probably a good thing when the user can cleanup their word/whateverwhere pasted stuff cleaned before HTMLpurifier does it server side too with maybe surprises to the end user.

Show Blocks

Gives the user some confidence on command if his current editing has the right/intended structure.

Well, that missing is one of the reasons why I hated WYSIWYG or wannabe WYSIWYG editors in the past. Uncertainty by the end user, and pain for the admin/webmaster when he sees the garbage stored in the database (endless spans and other garbage tags partly wrong nested by just pasting from Word documents.)
(little bug in CKEditor 4.13.0: doesn’t expand the area with plugin Auto Grow enabled)

Source Editing Area

Useful for people that can read HTML or are responsible to fix things.

2118User InterfaceFeature RequestLowShow overview of existing tags for usersAssigned
20%
peterdd1.1 devel09.04.201626.10.2019 Task Description

At several places it could be useful to let the user view available tags:

  1. When editing a task a toggle popup could show a list of selectable and existing tags.

I found several nice vanilla-js-multiselect-with-autocompletion scripts, but none yet that still works at a basic level when javascript is turned off.

My plan is now:

  • Keep the current basic input text field for input tags and show current assigned tags like exampletag1;exampletag2;exampletag3 separated by ‘;’ that is sent to the server when saving the task and server handles evaluation of that string (validation, duplicates, removed, added, creating new tags if allowed for current user)
  • A CSS only toggle that shows available tags that can be assigned (works even with js turned off), similiar to other places within Flyspray like advanced search toggle.
  • If js turned off, the user must type the tag - not as fancy, but at least works. (I thought also about using a html select with multiple=”multiple” attribute, but was not convinced due styling not possible in modern browsers without js)
  • If js is enabled, more fancier stuff is possible:
    • The input text field is hidden by display:none and instead the styled tags are shown.
    • The current added tags also get a little x to remove a tag by clicking it. The content of the hidden input text field is updated to reflect the current editing status. (click eventlistener)
    • A generated text input field for typing with autocompletion list shown of matching availbale tags. An unknown tag is added to the list if user is allowed to create tags. Clicking a item in the autocompletion list adds the tag and resets the autocompletion input text field for the next autocompletion action.
    • The tags within the toggle list with all available tags get also a click event listener, so clicking it adds them to the hidden text input.
    • Not sure yet if an added tag should be removed from the all available tags list or just make an CSS indication that a tag is still added, currently I tend to keep the list untouched, just highlight used tags of the task.
  • Optionally make the all available tags sortable by:
    • list_position (default)
    • alphabetic
    • global or project level
    • popularity (count of tasks using a tag (n + unnumbered private)), requires adding a data attribute.
    • group by detected prefix like shape:triangle shape:circle shape:rectangle could show a group of tags as: shape: triangle circle rectangle
  1. Make the list of tags searchable for the advanced search. added with FS1.0-rc10 by just using search key words also for searching list_tags table.
2586Backend/CoreTODOLowPHP7.4New
50%
peterdd1.0-rc10312.12.201918.02.2020 Task Description

PHP 7.4 is out now and a few things should be done to make Flyspray work well with it.
Nothing really breaks, but a view deprecation warnings should be fixed.

Flyspray source itself: Just a few new notices, most are yet fixed in the master branch.

Watching the PHP7.4 compatibility of dependencies defined by composer.json:

  • ADOdb/ADODb: 5.20.15 should be OK for Flyspray
  • swiftmailer/swiftmailer: We still use 5.* branch, so either do quickfix for a notice in a fork or upgrade/rewrite our integration to the 6.* branch.
  • ezyang/htmlpurifier: 4.12 OK
  • thephpleague/oauth2-client: unknown, we still use 0.13, last real source change was Nov 2018, to upgrade requires rewrite of integration into Flyspray and there is low demand for OAuth2.
  • dapphp/securimage: seems to be OK
  • jamiebicknell/sparkline: OK, but probably obsolete for us in future due
    • still annoying problems with our github/travis tests (problem of travis, not sparkline itself)
    • better solution (interactive hover infos, scales, screen size adaptive) by Flyspray source planned
2594Backend/CoreTODOHighpagination of user listAssigned
0%
peterdd1.0-rc1023.02.202023.02.2020 Task Description

For Flyspray installations with many users (several thousands) a pagination of the user list in the admin area is required.

2000 users no problem to display (aside the PHP max_input_vars limit which is only 1000 by default, so maybe not all checked checkboxes are handled.)

More users might send your mysql to long running blocking queries creating temp tables … bad!

(I killed them by watching show processlist; and kill id; on mysql console.)

2596EmailBug ReportLowInvalid link in notification HTML part of eMailWaiting on Customer
50%
peterdd214.03.202026.03.2020 Task Description

Hello,
my notification eMails have invalid links.

I use a different port. See below for the partial eMail source text:

DIES IST EINE AUTOMATISCH ERSTELLTE NACHRICHT, BITTE NICHT ANTWORTEN.<br>
… <br>Mehr Informationen k=C3=B6nnen unter=
der folgenden URL abgerufen werden: <br><a href=3D”https://pp.cobru.de“>pp=
.cobru.de</a>:444/bug/index.php?do=3Ddetails&task_id=3D309<br><br>Sie erhal=
ten diese Nachricht, weil Sie in Flyspray Benachrichtigungen aktiviert habe=

Debian GNU/Linux 10 (buster)
MySQL 10.3.22
PHP version: 7.3.14-1~deb10u1
Flyspray 1.0-rc9

Steps done to create the problem:
-Use a different Webserver Port
-Enable eMail notifications
-Create or modify an task

Expected behavior:
-Valid link

Experienced behavior:
-Invalid link

BR
Wörsty

2560Backend/CoreBug ReportLowdo not allow close task with reason duplicate referenci...New
0%
peterdd29.07.201929.07.2019 Task Description

So closing a task

FS#1

with

reason: duplicate

and close comment

FS#1

referencing to self should be detected to avoid such user mistakes.

2573Backend/CoreTODOLowadd rel nofollow,ugc,.. settingsNew
20%
peterdd114.09.201915.09.2019 Task Description
  1. Find a good configuration name just reuse relnofollow as used by dokuwiki
  2. Find a good translation keyword for that config relnofollow
  3. Find a good translation keyword for config description (title attribute)

Goes into prefs table as it is sitewide configuration.

As first implementation a simple checkbox should be ok. Should be on the tab with other spam handling stuff like captcha configuration.

Is enabled by default (1).
Adapt setup xml files, upgrade procedure.


	
2559Backend/CoreBug ReportLowa duplicate close accepted even when missing comment/ r...New
0%
peterdd29.07.201929.07.2019 Task Description

Closing a task with selected close reason duplicate should warn when there is no comment or FS # id is given in the close comment text field.

The task is closed as duplicate without any further notice. The information to which task it is duplicate or a description (if the problem is logged/handled outside Flyspray) is lost.

Possible solutions

Frontend hints

  • variant F1 (soft): When duplicate as close reason is selected, a placeholder attribute in the close comment text field could be shown/updated. (maybe as ‘css only’ possible)
  • variant F2 (harder): Deny sending the form if duplicate selected, but comment text field is empty. and shows warning info. (javascript required, nojs browsers still send form.)
  • variant F3 (hard): Deny sending the form if duplicate selected and no task id detected in comment text field. and shows warning info. (javascript required)

Backend deny

  • variant B1 (soft): When request wants close a task with duplicate reason and (cleaned) comment string is empty, deny closing the task and give feedback to user why it was denied.
  • variant B2 (hard): It requires detecting a task id in the comment field and the first detected task id is taken for referencing as ‘is duplicate of’. Limitation of this is that the duplicate could be also a ticket or something of a complete other system.
2316Backend/CoreBug ReportLow"wrongtoken" is displayed if the comment box is left si...Assigned
0%
peterdd7122.11.201629.07.2019 Task Description

I understand this is likely due to some sort of XSS CSRF protection, but the delay doesn’t appear to be long enough to be useful for a lengthy comment to be posted. I’ve now lost two detailed comments in our tracker because the software threw everything out and generated a meaningless error.

Further, attempting to do the normal thing and making the browser resubmit the page results in Flyspray throwing “Error #3” something something repeated action and causing a redirect to the homepage.

Surely there has to be a better way to handle this that doesn’t incur data loss?

2568DocumentationBug ReportMedium[MANUAL] a missing image in "Understanding Permissions:...Unconfirmed
0%
101.09.201902.09.2019 Task Description

In the page http://www.flyspray.org/manual/group_permissions/ , it is written

Shown is an image of the permissions page for the Flyspray project’s Contributors group

but there is no image in there.

I can think of two ways of dealing with that I guess:

  1. add an image
  2. remove the sentence

What do you think?

1856Backend/CoreBug ReportMediumWrong timezonesResearching
0%
1327.03.201306.03.2015 Task Description

Hello,
when selecting timezone in user profile, it only offers offset based timezones. It should offer timezones like "Europe/Prague", instead, because in summer it is UTC+2 and in the winter UTC+1. Also UTC is the same as GMT.

Using offsets will cause invalid future and past times when crossing daylight saving or when something other changes.

Adding daylight checkbox is not enough and will cause additional troubles. Just use names and store them as ENUM in database, not offset. This problem is pretty complicated and the only solution is to use names and let libraries to solve it for you.

Thank you.

2215Text RenderingBug ReportLowwrong output of Geshi syntax highlighting for xml codeNew
0%
117.10.201631.12.2017 Task Description

Geshi 1.0.8.17 from https://github.com/easybook/geshi is quite slow at the current integration of Flyspray v1.0-rc3 on the first run. (But any further read uses the cache.)

But it produces garbled output for xml code highlighting:

Example without xml, just format as preformatted code:

<table>blabla</table>

Or as php syntax highlighting (even if it doesn’t contain a real php-tag ;-) ):

<table>blabla</table>

Example with xml choosen as language:

blabla

The table tag is stripped away instead of converting the tag for output inside code/pre tags (by converting the < and > chars). Maybe just a configuration issue?

1222Backend/CoreFeature RequestMediumWorkflow engine / Role-based State Transition Rules Eng...Unconfirmed
0%
11625.03.200705.05.2019 Task Description

I have been working with Eventum (http://www.mysql.org/downloads/other/eventum/) for quite sometime now and in contrast, I like Flyspray for its simplicity and practicality. But one thing I badly miss (and something that Eventum scores high) is a Workflow Engine. If not a sophisticated W.E., I (as an Admin / Manager) should be able define role-based state transition rules of the tasks reported in a particular project. For example, I should be able to implement the following scenario:

  1. For a “Developer”, the subsequent tasks from various states. Likewise for other roles
  2. “Developer” should not be able close out the bug reports. He/she can only flag them as implemented. The “Reporter” of the bugs or the “Manager” alone should be able to close out issues
  3. ..
  4. .. it will go on like that ;-)

This feature, in my opinion, is very crucial for corporate organizations to give a serious consideration to Flyspray.

1977Backend/CoreBug ReportLowWeird URL after closing task with referenceUnconfirmed
0%
115.03.201518.03.2015 Task Description

On Mac OS Safari:

I just closed a task and wrote the following into the comment for closing:

"See also F.S.#.14" (of course without the points). When I then click the link in the comment box (below the task details) I'm redirected to:
"http:/flyspray.stefan-herz%0Aog.tld/index.php?do=details&task_id=%0A14". No matter if #14 is closed or not.
It worked with Firefox.

Any suggestions?

2327Backend/CoreFeature RequestLowvisibility-option for private tasksUnconfirmed
0%
315.01.201717.01.2017 Task Description

We have some private Tasks in our FS-bugtracker to hide them from normal reporters. But we also have some external beta-testers in a betatesters-group and they should be able to see (and check) the private tasks without giving them a project manager status. So it would be good, if there is a switch in the group option to give specific groups the right to see private tasks.

2453Backend/CoreBug ReportMediumvalidate category before storing a new taskNew
0%
1.014.12.201714.12.2017 Task Description

Currently the category_id is not checked if the value is legal for the project when a new task is created.

  • must be unsigned int
  • must be an active category_id of the project or global category.
  • setting a category_id must be allowed - see project settings.

If invalid category_id is sent, deny creating task and show error message and show filled form again.

If no category_id is sent (or empty string) and category select is enabled:

  • either choose a default category

or

  • implement feature request FS#2451 and show that user should select a category.
1753Backend/CoreFeature RequestMediumUsergroup Restriction: Only View SummaryConfirmed
0%
1.1 devel4220.06.201227.06.2016 Task Description

I was really impressed with Flyspray and about to use it as our bug tracker, but then I discovered quite a big problem. You can't restrict users from seeing full task details.

I would really love the ability to let them only see the summary. My reason being is that I'm needing a bug tracker for my game, and bugs reported can be easily abused, and will be abused, if people can just read bug reports and see how to replicate them.

The reason I don't like just unchecking the "View Tasks" option, is because they wont be able to see if there is already a task about the bug, so we would just get flooded with duplicate reports on the same bugs.

2479Backend/CoreInformationLowUser table seems really complexUnconfirmed
0%
110.08.201810.08.2018 Task Description

why not store all the user preferences in preferences or user_prefernces? Then users can just be simple username, email, password?

1834Backend/CoreFeature RequestLowuser profile pageMaybe
0%
2.025.02.201306.03.2015 Task Description

Should have a page that is a users profile page. so clicking in that users name on a ticket takes you there and you can see what bugs are assigned to them, what they have commented on, and other info about them and about their activity.

2430Backend/CoreFeature RequestLowUser dependency on projectUnconfirmed
0%
216.03.201720.03.2017 Task Description

So, there would be great option if we can set permission to users to see and post only in specific opened projects in bug tracker.

Idea is, that user has all right to all projects, but in some cases we want that user can see only projects which is allowed and also to publish new tasks to only allowed projects.

In that case tasks overiew is locked and user must be logged in to see opened tasks.

2059Backend/CoreFeature RequestLowusage of github automated/webhook notificationsNew
0%
24.09.201524.09.2015 Task Description

We have no API yet for Flyspray.

But someone could write a simple php-file that can be called by a github.com auto notification, whenever:

  • a commit on github.com for Flyspray/flyspray is made

Github.com provides the configuration of such notification for a possible target like

https://bugs.flyspray.org/api/github.php

or

https://bugs.flyspray.org/api/github.php?project=1

in the settings of a project.

What the file needs:

  • import some of the existing Flyspray classes from includes/
  • config or load the secrets that are provided by github.com in the setup for the automatic notification
  • check that secrets and more for authentication and authorization of requests coming from github.com
  • parse the messages for Flyspray identifiers like ' FS#1234 ' or 'fix  FS#1234 ' or 'related to  FS#1234 '
  • take actions on the results of that message parsing like making adding comment or modifying a task status
1973Backend/CoreTODOLowurl rewritePlanned
80%
1.1 devel214.03.201511.02.2016 Task Description

Well, it needs a cleanup, per example:

fixed now http://127.0.0.1/flyspray/task/3?project=1

That should be something like:

The actual one is actually half a rewrite and half a GET version

2097User InterfaceBug ReportMediumUrl incorrect for view attachementUnconfirmed
0%
10116.01.201602.03.2016 Task Description

I’m using URL rewriting…

If I click on the link, the picture doesn’t appear.

https://flyspray.xxx.fr/task/27?getfile=8

It’s ok in task history. The right URL is

https://flyspray.xxx.fr/?getfile=8

.

2111Installer and UpgraderBug ReportMediumUpon trying to install flyspray release, setup says I'm...Planned
10%
224.03.201605.06.2016 Task Description

When I tried to install a instance of flyspray that is a release, I am greeted with a screen that says that I am trying to install a development version of flyspray. Due to me using shared hosting, I am unable to run any composer commands.

My version of flyspray was downloaded from flyspray.org, so why would this be happening? Thanks

2028Text RenderingBug ReportMediumupgrade dokuwiki 'plugin'New
0%
12.08.201520.08.2015
2324Backend/CoreInformationLowUpdate composer.jsonUnconfirmed
0%
31.12.201631.12.2016
1981Backend/CoreTODOLowUnify event logging and notificationsConfirmed
0%
1.1 devel220.03.201522.03.2015
2449Backend/CoreBug ReportLowUnexepted exception on smtp gmail sendUnconfirmed
10%
729.10.201710.01.2018
2202Installer and UpgraderBug ReportHighUnable to upgradeUnconfirmed
0%
310.09.201611.10.2016
2081User InterfaceBug ReportLowUI for adding comment while editing task doesn't use HT...Confirmed
0%
429.10.201506.11.2015
2425SlovenianFeature RequestVery LowTranslation: SlovenianConfirmed
40%
105.03.201705.03.2017
2075NotificationsBug ReportHighToo spammy notifications under some circumstancesRequires testing
40%
1.019.10.201503.11.2015
2209AuthenticationFeature RequestMediumTLS support for LDAPUnconfirmed
0%
109.10.201604.09.2019
2521EmailInformationLowTLS email with self-signed certificate doesn't work, "C...Unconfirmed
0%
531.10.201803.11.2018
2019User InterfaceFeature RequestMediumtitle -tag Waiting on Customer
0%
1.1 devel26.07.201526.07.2015
2589User InterfaceBug ReportLowTime zone in user settings is confusingUnconfirmed
0%
228.12.201928.12.2019
2007Backend/CoreBug ReportLowtime on project overview activity timelinesNew
0%
18.07.201518.07.2015
2210User InterfaceInformationLowTasklist color for due dateUnconfirmed
100%
612.10.201618.10.2016
1980User InterfaceFeature RequestMediumTasklist - PDF ExportMaybe
0%
2.0119.03.201526.05.2016
2318Installer and UpgraderBug ReportLowsyntax_plugin required when selected ckeditor in SetupRequires testing
50%
323.11.201607.12.2016
2108User InterfaceFeature RequestMediumSupport local language when install FlysprayConfirmed
30%
3103.03.201615.07.2016
2107AuthenticationFeature RequestLowSupport CAS Server AuthenticateUnconfirmed
0%
202.03.201604.09.2019
1749User InterfaceBug ReportLowSubmit form buttons on lower rightUnconfirmed
50%
117.06.201224.09.2015
2536Backend/CoreFeature RequestMediumstore session in Flyspray databaseNew
0%
221.01.201915.03.2019
2114TranslationsTODOMediumStandardize the priority meaning across flyspray transl...New
0%
207.04.201626.03.2018
1748Database QueriesFeature RequestLowSort by recent activityPlanned
0%
1.1 devel717.06.201211.03.2015
2223GreekBug ReportVery LowSome strings need splitting or replacementUnconfirmed
0%
2124.10.201625.10.2016
1950User InterfaceTODOMediumSolve confusing Flyspray group settings vs Project grou...Confirmed
50%
1.0907.03.201511.11.2015
2524EmailInformationLowSMTP Mailer doesn't accept custom portsUnconfirmed
0%
05.11.201827.11.2018
Showing tasks 1 - 50 of 309 Page 1 of 7

Available keyboard shortcuts

Tasklist

Task Details

Task Editing