Flyspray - The bug killer!

This is the Bug Tracking System for the Flyspray project. This is not a demo!

2016-11-18: Flyspray 1.0-rc4 released This is a security release.

2017-02-28 Must disable new user registration on again. Too many captcha solving spambots at the moment. peterdd

IDCategory  ascTask TypeSeveritySummaryStatusProgressAssigned ToDue In VersionOpenedLast Edited
2201APIBug ReportHighI got Fatal Error on the Github OAuthUnconfirmed
1.0107.09.201609.09.2016 Task Description
Fatal error: Class 'League\OAuth2\Client\Provider\Github' not found in /html/bugs/includes/GithubProvider.php on line 11

I have downloaded this:
Precompiled with 3rd party libs for PHP5.6: flyspray-1.0-rc1_php56.tgz
and the file seems really dont exist.

1987APIFeature RequestMediumREST API to get metrics from flyspray projectsUnconfirmed
229.03.201506.10.2015 Task Description

I need metrics for flyspray projects about a rest api. For example the count of issues for status, priority. I want use this values for my code analysis system and other internal tools. It is possible to create a rest api with user authorization and only for metrics data?

2112APIBug ReportMediumAssigned tickets aren't editable for lower privileged u...Unconfirmed
231.03.201611.04.2016 Task Description

An assigned ticket can't be edited by a lower privileged user.

Steps to reproduce:

  • One Project, Two Users. User A is Admin, User B is Basic
  • A creates a Task.
  • A take ownership of the Task. (it’s important to do this AFTER saving the task. You cannot assign User A if you are A in this moment. Maybe another Bug...!?)
  • Now B is allowed to take ownershop too. B click now “Add me to assignees”.
  • Now B can edit the task.
  • If B click “save”, the task can’t be saved, because some fields haven’t the correct values (esp: state is now “unconfirmed”). Many error messages said, that unexpected values exist

Some weird moments:

  • Why can B edit a task? He have no rights to edit tasks...
  • If B are Basic and have “edit own Task”-Right too, this bug also exist.
2437Backend/CoreBug ReportCriticalSpammers are able to bypass disabled user registrationsUnconfirmed
206.08.201717.08.2017 Task Description

Spammers have found a way to bypass the block on user registration and cause entries to be inserted into the registrations table in the database. I have 30+ of them in there right now, all inserted within the last 2 days. I’ve had user registrations disabled for 2 weeks now because of an onslaught of spammers who won’t leave us alone. Flyspray has insufficient safeguards against them so when this happens I have little choice.

I don’t have any idea how, but these entries in the registrations table are resulting in emails being sent out to these accounts that are bouncing because the spammers are on domain blocklists for forging their DNS responses.

Something needs to be done about this, because if they can insert phantom entries into this database table via the code, what else could they be doing that we haven’t spotted yet?

1673Backend/CoreBug ReportHighOnly white screen after upgrade to 1.0 - reasonsConfirmed
1.1 devel31412.01.201117.08.2016 Task Description

After I upgraded to version 1.0 (the upgrade was successful), flyspray only shows a white page (and the source in firefox shows, that the page is completely white).

Please help us finding the roots of these bugs!

Please report what you were exactly doing before this happend, report us your steps made, the used php version, used OS version, and such information.

We think most cases of that “white screen” are relying on the third party vendor libraries behavior we use.
When a library detects an error, sometimes they just call die() or exit; of php, but suppress error messages. So the script just stopped not giving any output to browser.

The dev versions from github use composer for installing the required libraries. We will package them on the final release together and make sure most cases of “white screen” are fixed.

1849Backend/CoreFeature RequestHighInstaller OverhaulPlanned
1.1 devel515.03.201315.07.2016 Task Description

The application installer needs an overhaul, all strict notices fixed and the associated dependant tasks resolved.

2086Backend/CoreBug ReportHighBasic User can see all Projects and TasksUnconfirmed
803.11.201526.01.2017 Task Description

Since Update to Flyspray 1.0 Beta2 all users can see every task in every project.

The rights were set up correctly in Flyspray 1.0 Alpha and worked just fine.

2087Backend/CoreInformationHighSee no Editor in Add New TaskUnconfirmed
4104.11.201505.11.2015 Task Description


I can’t see the Editor when I make new task. Also when I editing a exciting task.

See nothing to put any HTML code in it. Can you help me!?

I use this version: Flyspray

2134Backend/CoreInformationHighCannot assign a task to other projectUnconfirmed
3107.06.201631.10.2016 Task Description

Moving task to another project seems to require fields updated to target project options. This operation is not possible on the task category field and possibly others. Attempting to submit changes gives error:

“Oh, there are some incompatible properties set that must be resolved before moving this task to a different project.”

However, you cannot select a new value (from the target list) for the properties in question.

2135Backend/CoreBug ReportHigh"Modify own tasks" does not function correctly when add...Confirmed
peterdd1.013107.06.201622.08.2016 Task Description

“Oh, there are some incompatible properties set that must be resolved before moving this task to a different project.”

Oh, but I am not moving the task to a different project. Just trying to edit my own submission.

“Edit this task” → “Save details”

See attached screen capture.

2159Backend/CoreTODOHighfresh registered user accounts created spam tasksNew
204.07.201625.10.2016 Task Description

Today it was first time I see real spam on

The 2 spam accounts registered today and started creating spam posts as new tasks.

What is the reason? Was it by real humans or bots?

So what can we do to reduce this in future?

Ideas for making it harder and unattractive for spammers:

  • Users who never opened a nonspam-task or contributed a useful comment should solve a captcha
  • Limit the amount of creating tasks for new registered users or a user groups, like limiting to 2 tasks or 1 task per user per day.
  • Settings for a more moderated task creation process? Like a quarantine dbtable for tasks?
  • If we closed such spam tasks with WTF? reason, it will still be listed by search engines like google at the moment:
  1. Move spam tasks to a ‘dumpster project’, that is not visible for guests (search engines!) too.
  2. Or make spamming to visible flyspray projects unattractive, lets set noindex for: closed task for some special reason id?
  3. Delete spam tasks from database if allowed by your organization

Update: another and this time more aggressive phone number spammer.

2197Backend/CoreBug ReportHighChange Time for everyoneUnconfirmed
121.08.201622.08.2016 Task Description

Flyspray does not recover the time set in php.ini. On display, the system has two hour delay.

2207Backend/CoreBug ReportHighNonpublic project titles and project description exposi...Confirmed
peterdd1.0123.09.201629.09.2016 Task Description

When a anonymous user tries to display a ticket of a non public project (for example by entering a random ticket id), Flyspray exposes the title of the non public project in the header bar.

Edit by peterdd: also applies to project description

2314Backend/CoreBug ReportHighHTMLPurifier_Config error after installing 1.0rc4Unconfirmed
219.11.201619.11.2016 Task Description

Updated to the new security release today and anytime someone tries to add a comment, the following error is thrown:

Notice: Undefined variable: conf in /includes/class.backend.php on line 312 Fatal error: Class ‘HTMLPurifier_Config’ not found in /includes/class.backend.php on line 313

This is the offending code:

if($conf['general']['syntax_plugin'] != 'dokuwiki'){
	$purifierconfig = HTMLPurifier_Config::createDefault();
	$purifier = new HTMLPurifier($purifierconfig);
	$comment_text = $purifier->purify($comment_text);

After commenting this block of code out, comments can again be posted.

2336Backend/CoreBug ReportHighCaptcha validation always fail on registrationUnconfirmed
1201.02.201720.03.2017 Task Description

Correct or wrong code return false!

The results of Securimage Test Script on my server

This script will test your PHP installation to see if Securimage will run on your server.

Session Functionality: Yes!
GD Support: Yes!
GD Version: bundled (2.1.0 compatible)
imageftbbox function: Yes!
TTF Support (FreeType): Yes!
JPEG Support: Yes!
PNG Support: Yes!
GIF Read Support: Yes!
GIF Create Support: Yes!
SQLite Support: Yes!
SQLite is available. If you choose to use it, Securimage can support users who do not accept cookies.
MySQL Support: Yes!
MySQL is available. If you choose to use it, Securimage can support users who do not accept cookies by storing codes in MySQL.
PostgreSQL Support: No
No PostgreSQL support.
LAME MP3 Support: No
LAME was not found, audio will work in WAV format, but not MP3. See Securimage HTML5 audio documentation for info.
Your server meets the requirements for using Securimage!

on line:754 got

if( !Post::isAlnum('captcha_code') || !$image->check(Post::val('captcha_code'))) {
if( true == false || false == false ) {
407Backend/CoreFeature RequestMediumPlugin systemAssigned
2.0261404.12.200417.01.2013 Task Description

Everything is currently hard-coded. Create a plugin system that allows a module to be simply "dropped into" a plugins/ directory, enabled in the options, and have the plugin just work.

Possibilities might include alternative methods of notification, perhaps a documentation subsystem, or even simple things like voting for tasks.

The user should NOT have to edit existing Flyspray source code to make a plugin work.

1222Backend/CoreFeature RequestMediumWorkflow engine / Role-based State Transition Rules Eng...Unconfirmed
11525.03.200717.08.2015 Task Description

I have been working with Eventum ( for quite sometime now and in Contrast, I like Flyspray for its simplicity and practicality. But one thing I badly miss (and something that Eventum scores high) is a Workflow Engine. If not a sophisticated W.E., I (as an Admin / Manager) should be able define Role-based State Transition Rules of the Tasks reported in a particular Project. For example, I should be able to implement the following Scenario:

  1. For a "Developer", the subsequent tasks from various states.  Likewise for other roles
  2. "Developer" should not be able close out the Bug Reports.  He / She can only flag them as implemented.  The "Reporter" of the Bug(s) or the "Manager" alone should be able  to close out issues
  : - it will go on like that ;-)

This Feature, in my opinion, is very crucial for Corporate Organizations to give a serious consideration to Flyspray.

1237Backend/CoreFeature RequestMediumAllow Multiple Owners Per CategoryPlanned
2.04609.04.200710.08.2015 Task Description

Currently, only one owner can be applied per category (at least, that's what the tooltip implies). The ability to add more than one user, a user group, or a mix of the two to a category would be ideal.

Often times, more than one programmer will work on and maintain a feature that cannot be divided into subcategories with the various programmers dispersed accordingly. In such cases, setting all such programmers as owners of the category is beneficial in that they will all receive notifications.

Also, having a parent category's owner receive alerts if no owners are specified for a sub-category benefits from this ability. I may have a "User Interface" group that has all of my UI developers in it; assigning the group to the "User Interface" root category means all relevant developers find out about a new issue that was not directed elsewhere.

One potential conflict does arise with another Flyspray feature. If "Auto-assign a task to the category owner" is enabled, care must be taken to assign no users or the first user to the task; personally, I would prefer no one being assigned and seeing the wording changed to "Auto-assign a task to sole category owners". Worst case scenario would be another option asking if no one or the first user would be assigned to a task in that instance; if a group is specified, the first user in the group would be chosen.

1751Backend/CoreFeature RequestMediumDefault to show all in Event LogAssigned
peterdd1.1 devel1120.06.201209.02.2016 Task Description

Just show me all events when I click the Event Log tab (limited to x number). If I want to filter the results down I’ll use the UI.
Currently, I click Event Log and get no information. Then I have to build a query of what I want to see (every time!).

1753Backend/CoreFeature RequestMediumUsergroup Restriction: Only View SummaryConfirmed
Psychokiller18881.1 devel4220.06.201227.06.2016 Task Description

I was really impressed with Flyspray and about to use it as our bug tracker, but then I discovered quite a big problem. You can't restrict users from seeing full task details.

I would really love the ability to let them only see the summary. My reason being is that I'm needing a bug tracker for my game, and bugs reported can be easily abused, and will be abused, if people can just read bug reports and see how to replicate them.

The reason I don't like just unchecking the "View Tasks" option, is because they wont be able to see if there is already a task about the bug, so we would just get flooded with duplicate reports on the same bugs.

1791Backend/CoreFeature RequestMediumAbility to merge version, OS, etcSuspended
1112.12.201212.01.2017 Task Description

For example, say I no longer want 1.1,, 1.0.0, etc. So want to merge them all into one version 1.0. Same goes for OS, and others

1856Backend/CoreBug ReportMediumWrong timezonesResearching
1127.03.201306.03.2015 Task Description

when selecting timezone in user profile, it only offers offset based timezones. It should offer timezones like "Europe/Prague", instead, because in summer it is UTC+2 and in the winter UTC+1. Also UTC is the same as GMT.

Using offsets will cause invalid future and past times when crossing daylight saving or when something other changes.

Adding daylight checkbox is not enough and will cause additional troubles. Just use names and store them as ENUM in database, not offset. This problem is pretty complicated and the only solution is to use names and let libraries to solve it for you.

Thank you.

1861Backend/CoreBug ReportMediumLogin-Page should redirect after login to the page, the...Confirmed
1.1 devel3112.04.201320.08.2015 Task Description

When some url to a bug is redirected to the login page, because the user does not have the right to see the bug without login, the user should be redirected after the login to the url he wanted to see.

Maybe redirect to /login/?next=/task/X and put the next-url in a hidden field in the login-form, so flyspray can redirect to the correct page after login.
Even preserving anchor-urls (#comment-YYYY) would be cool, but i guess this needs Javascript to work.

1875Backend/CoreFeature RequestMediumAbility to mark project as completedMaybe
1.1 devel6126.09.201312.10.2015 Task Description

Currently projects in Flyspray are active or set inactive.

It will be great to archive project if finished or abandoned. In this case it will not be shown in project overview page and project navigation combo.

1960Backend/CoreBug ReportMediumforeign key relations between versions and tasksNew
209.03.201513.08.2015 Task Description

It seem that when deleting a version entry in a project, that tasks that have this version assigned are still connected to this deleted version. For example FS#1222 (on 2015-03-09).

There are several options to solve such things:

  • Deny deletion of version as long as tasks assigned to this project version.
    • Either by doing a testing SQL query to check this case coded in PHP. Take care to keep this centralized, must also be respected by an eventually later added Flyspray API (XMLRPC or whatever).
    • add SQL foreign key constraints with ON DELETE RESTRICT
      • Pro: some business logic can be directly enforced by SQL.
      • Cons: higher requirements for hosting, if using mysql innodb tables must be available on the hosting
  • Move the tasks of this version to a default fallback version before deleting the version tag.
    • Either doing one transaction doing : 1. move the tasks to its fallback version, 2. delete the version
    • add SQL foreing key constraint with ON DELETE SET $fallbackversionid. Some pros & cons like on the the denying option.

The same for other assignments for tasks.

This issue is similiar to the massop issue: (

2012Backend/CoreFeature RequestMediumManaging TagsNew
1.1 devel418.07.201512.11.2015 Task Description

Tags can only be added on the "new task" page, not managed on the "edit task"-page.

2042Backend/CoreBug ReportMediumfunction absoluteURI not using basedir and force_basedi...Unconfirmed
3104.09.201501.10.2015 Task Description

public static function absoluteURI($url = null, $protocol = null, $port = null)
class Flyspray

not using basedir and force_basedir from configuration file

its problem because my web-server inside have port 7777 and outside 80 (nginx and PHP-FPM)

please fix it

2049Backend/CoreFeature RequestMediumDisplay login page or customizable page to anonymous us...Unconfirmed
209.09.201504.04.2016 Task Description

Currently, if there are no public project, the anonymous users gets a blank page not very useful. It will be a good idea to have a global configuration parameter to display some customizable-page or maybe the login form instead.

2069Backend/CoreFeature RequestMediumImprove password security by adding PBKDF2/bcrypt suppo...New
6114.10.201527.06.2016 Task Description

For password hashing, PBKDF2 & bcrypt are both more secure than md5 and sha1 (even salted).

My suggestion is to replace the default md5 hash method with bcrypt (set the default work factor to 6).

I am a PHP developer and I’d like to help with this improvement.

2088Backend/CoreBug ReportMediumError when trying to add task with dokuwikiUnconfirmed
406.11.201510.11.2015 Task Description

Steps to reproduce:

  1. install Flyspray 1.0 beta 2 on Turnkey Linux LAMP Stack 14.0 - this is Debian 8 (Jessie), PHP Version 5.6.13-0+deb8u1, see attached phpinfo.htm
  2. run Flyspray setup by navigating to Flyspray install dir in browser
  3. manually run curl / composer as suggested by setup
  4. set write permissions on attachments, cache, and newly created empty flyspray.conf.php
  5. allow FS to create new DB (”flyspraytest”)
  6. rename setup dir at end of setup
  7. navigate to Flyspray install dir in browser
  8. click “add new task”
  9. enter summary and description
  10. click “add this task”

Observed behavior:

Empty web page except for the following output, and task is not created:

Fatal error: Cannot redeclare class DokuHTTPClient in /var/www/flyspray-1.0-beta.2/plugins/dokuwiki/inc/HTTPClient.php on line 20 
Call Stack: 
0.0000 276512 1. {main}() /var/www/flyspray-1.0-beta.2/index.php:0 
0.0067 1874152 2. require_once('/var/www/flyspray-1.0-beta.2/scripts/details.php') /var/www/flyspray-1.0-beta.2/index.php:194 
0.0109 1947272 3. TextFormatter::render() /var/www/flyspray-1.0-beta.2/scripts/details.php:145 
0.0109 1948656 4. call_user_func:{/var/www/flyspray-1.0-beta.2/includes/class.tpl.php:687}() /var/www/flyspray-1.0-beta.2/includes/class.tpl.php:687 
0.0109 1949040 5. dokuwiki_TextFormatter::render() /var/www/flyspray-1.0-beta.2/includes/class.tpl.php:687 
0.0112 2223680 6. require_once('/var/www/flyspray-1.0-beta.2/plugins/dokuwiki/inc/common.php') /var/www/flyspray-1.0-beta.2/plugins/dokuwiki/ 
0.0113 2248136 7. require_once('/var/www/flyspray-1.0-beta.2/plugins/dokuwiki/inc/io.php') /var/www/flyspray-1.0-beta.2/plugins/dokuwiki/inc/common.php:11 
0.0113 2285584 8. require_once('/var/www/flyspray-1.0-beta.2/plugins/dokuwiki/inc/HTTPClient.php') /var/www/flyspray-1.0-beta.2/plugins/dokuwiki/inc/io.php:11 
2089Backend/CoreBug ReportMediumadding same taskid as subtask or related task should be...New
peterdd1.0207.11.201518.11.2016 Task Description

Both is a bit illogical, but both is currently possible! ;-)

1 ←- 1

So when setting the parent task id checked for creating loops is needed:

Loop with 2 tasks: 1 ←- 2 ←- 1

Loop with 3 tasks: 1 ←- 2 ←- 3 ←- 1
Loop with n tasks: 1 ←- ... ←- n < – 1

As I think there are currently no recursive reads that could lead to an endless loop, but should be kept in mind when someone wants to programm rendering a gantt chart.
E.g. by limiting the depth of subtasks for example.

2102Backend/CoreBug ReportMediumstrict ordering of tags required New
1.0219.02.201618.07.2017 Task Description

When saving the tag list at admin and project area, the ordering of the tags must be recalculated.

So it is not more legal to have a list ordering like (0,0,0,1,3,4,7)

That should be recalculated and stored as (1,2,3,4,5,6, 7) (or 0,1,2,3,4,5,6)
currently in file includes/


The SQL for the tasklist uses currently GROUP_CONCAT (and a equivalent syntax for postgres) that groups by list_tag.list_position.
Well, we could just ‘group by’ the tag_id too, but with list_position value we can show the most important tags first.

3 times, and that 3 result fields must be in the same order. (tag id, tag name, tag class field)

Also that sql-query part there needs a little modification, but first fix that strict ordering.


Don’t use group_concat() or similiar for list_tag.tag_name or list_tag.class. Instead load an indexed array once per http request and only when needed.

For instance as function within

         * load all tags into array
         * compared to listTags of class project, this preloads all tags in flyspray database
         * ideally maximal called once per http request, then using the array index for getting info
         * @return array
        public static function getAllTags()
                global $db;
                $res = $db->Query('SELECT tag_id,project_id,list_position,tag_name,class,show_in_list FROM {list_tag} ORDER BY list_position ASC');
                while ($t = $db->FetchRow($res)){
                return $at;

in scripts/index.php in function tpl_draw_cell():

function tpl_draw_cell($task, $colname, $format = "<td class='%s'>%s</td>") {
  global $fs, $db, $proj, $page, $user, $alltags;
  case 'summary':
                        # if global $alltags are yet undefined, preload the tags now.
                        if(!is_array($alltags)) {
 foreach($tagids as $tagid){
                                $tgs.='<i class="tag t'.$tagid
                                        .(isset($alltags[$tagid]['class']) ? ' ' .htmlspecialchars($alltags[$tagid]['class'], ENT_QUOTES, 'utf-8') : '').'" title="'.htmlspecialchars($alltags[$tagid]['tag_name'], ENT_QUOTES, 'utf-8').'"></i>';
2105Backend/CoreFeature RequestMediumcountermeasures for 'add task anonymous' spamNew
127.02.201627.02.2016 Task Description

Today I got first SPAM on bugtracker.

Question: Is it possible to enable CAPTCHA for anonymus task add?

Question 2: Is it possible to delete SPAM tasks.

2119Backend/CoreBug ReportMediumfunction filter_input not always availableResearching
15.04.201615.04.2016 Task Description

filter_input() is in extension “Filter”.

It is enabled by default since PHP5.2, see but not “always”, see!topic/flyspray/QM75BvwPqGM

filter_input() is only used at 1 section in Flyspray (since 2014 up to v1.0rc1) in includes/
This is the commit

How do we solve it? Several possibilities:

2121Backend/CoreBug ReportMedium'my assigned tasks' uses like %?% search instead of use...Confirmed
1.0219.04.201620.03.2017 Task Description


The button ‘My assigned tasks’ should search only by userid, not in username or realname with the LIKE ‘%...%’ operator.

Currently the button is using the same as doing an advanced search filling the ‘Assigned To’ input field. (currently ‘dev’ param) But that search param searches in userid, username and realname.

There are several solutions possible:

  • We do not use the dev-urlparam ?do=index&project=1&dev=123 that would list also assignees with username dude123 or dude123blabla. Instead use for instance ?do=index&project=1&mytasks or ?do=index&project=1&devid=123
  • ...

Needs some planning, thinking to keep it simple/solid.

2122Backend/CoreBug ReportMediumopen_basedir restrictions for FS_CACHE_DIR not respecte...Suspended
422.04.201616.08.2016 Task Description

Edit by peterdd: renamed task summary

Affected versions: at least Flyspray 0.9.9(.7/*?) up to Flyspray 1.0 RC1

Original report: Title ‘Problem regarding 0.9.7 (1.0) to 1.0 RC-1 update’

I tried to update BT from modified version (database in original state) 0.9.7 to 1.0 RC-1 but I got strange error.

PHP is 5.6.

I try to use:
Precompiled with 3rd party libs for PHP5.6

and was doing as was written on upgrade procedure.

Strange is that “D:\SShopBT\includes\class.flyspray.php” there are errors regarding writtable path... Because the path is correct and all other Joomla and Wordpress web sites are working correctly..

After upgrade web site do not work att all. Login not working - just get error. So I must reverse (use backup) database and files.

Server is Windows Server and IIS (Internet Information Services)..

Complete error was (also seen in screenshot):

Warning: is_writable(): open_basedir restriction in effect. File(C:\PHP-temp) is not within the allowed path(s): (D:\) in D:\SShopBT\includes\class.flyspray.php on line 1162 
Warning: is_writable(): open_basedir restriction in effect. File(C:\PHP-temp) is not within the allowed path(s): (D:\) in D:\SShopBT\includes\class.flyspray.php on line 1164 
Warning: is_dir(): open_basedir restriction in effect. File(C:\Windows\TEMP\e865fa2fdfc11dbb32cc6262d247e766) is not within the allowed path(s): (D:\) in D:\SShopBT\includes\ on line 82 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\header.php on line 14 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\header.php on line 15 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\header.php on line 16 
Warning: session_start(): Cannot send session cookie - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\includes\class.flyspray.php on line 893 
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\includes\class.flyspray.php on line 893 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\index.php on line 93 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\index.php on line 94 Headers are already sent, this should not have happened. Please inform Flyspray developers.
2123Backend/CoreBug ReportMediumTaskList export is not a SYLK file (error message).Unconfirmed
326.04.201627.04.2016 Task Description

I tried the “Export tasklist” button and I get the following error when it tried to be opened with Excel.

“Flyspray_-_The_bug_killer!_2016-04-26-1.csv” is not a SYLK file”

The csv file is understood as a SYLK file because it starts with ‘ID’. It’s an Excel keyword that means
to Excel, “open it as a SYLK file”. but the it’s not a SYLK file, it’s just a csv file.

I created few files to let you understand it: (bad_SLYK.txt and correct_SYLK.txt), translated in csv files,
do the (bad_SYLK.csv and correct_SYLK.csv) files.

The csv content is different because Excel check the first column name: ID ( == SYLK).

With Flyspray export to csv (SYLK_file_should_be_CSV.png), you use the ID as a first column name. So, Excel
understand it as a SYLK file, and it’s not.

Could you please switch “ID, Category, ...” with “Category, ID,...” or rename ID as Id or iD ? or maybe just export
columns as defined in the user view. (not all columns).

I hope it would solve the problem (as a quick fix).

Hope it helps


2209Backend/CoreFeature RequestMediumTLS supportUnconfirmed
109.10.201609.10.2016 Task Description

It would be helpful to have communication with LDAP via TLS

2310Backend/CoreBug ReportMediumDefault entry to project creates endless loopConfirmed
1.0205.11.201623.01.2017 Task Description

I setup the default page to “roadmap” for a project, logged out, and it’s not possible to access the base url anymore. I chased the bug throughoutt the code and it seems that:

index.php calls scripts/roadmap.php at line 200:

if (!defined('NO_DO')) {
    require_once(BASEDIR . "/scripts/$do.php");


in scripts/roadmap.php, lines 11-13 redirect to base url:

if (!$proj->id) {
2313Backend/CoreInformationMediumdifferent composer.json for different php versions?New
17.11.201617.11.2016 Task Description

I still struggle with composer.json for doing Flyspray builds with included 3rd party libs for different PHP versions.

It is annoying composer.json is just an array, no comments, no conditionals
- and I’m still noob with composer and phpunit stuff.

Main source of problem: oauth2-client and guzzle breaking compatibility with PHP5.3 and PHP5.4

PHP5.3 oauth2-client 0.3 with additional patches (peterdd), guzzle 3.*
PHP5.4 oauth2-client 0.12.1, guzzlehttp ???
PHP5.5 oauth2-client 1.*, guzzlehttp &gt;=6.2.1
PHP5.6 oauth2-client @stable, guzzlehttp &gt;=6.2.1
PHP7 oauth2-client @stable, guzzlehttp &gt;=6.2.1

Any suggestions how to solve this?

Do we really have to maintain different flyspray source trees just with different composer.json files???
Or backport auth2-client to PHP5.3 and PHP5.4 and use our versions in composer.json (no manpower for this)

Also the oauth2 stuff is not tested at the moment, so OAuth2 for Flyspay could be broken for some PHP versions.

2320Backend/CoreBug ReportMediumcrypt() Raise E_NOTICE security warning if salt is omit...Unconfirmed
6107.12.201603.03.2017 Task Description

Hello together,

in php >= 5.6.0 you get a notice if you dont use a salt param.

we need to fix the else case in the function Flyspray::cryptPassword()

see the attached image for the error in the frontend.

2328Backend/CoreFeature RequestMediumAdd [key] support for each project instead of FS#Unconfirmed
1120.01.201710.02.2017 Task Description

Adding key support for each project instead of using the prefix FS#<task_id>

Let the administrator choose the key for project.

What’s a project key?
It prefixes each task in the project

2332Backend/CoreBug ReportMediumCSV export filename filteringNew
224.01.201724.01.2017 Task Description

The filename for the csv export is build based on project name and current date.

Due different handling of web browsers, the appropriate http header should send the filename in ascii and also provide them as utf-8 for web browsers who can handle that.

Related RFC5987

2338Backend/CoreBug ReportMediumExport tasks to csv has issuesUnconfirmed
102.02.201714.02.2017 Task Description

You cannot select the fields for export to csv. This means that the commentfield is always exported too. As this commentfield could contain quotes, comma’s etc (like people inserting copies of emails on an issue) it corrupts the output file and the file cannot be read by excel.

1487Backend/CoreFeature RequestLowLDAP(Active Directory) AuthenticationPlanned
1.1 devel91121.05.200827.09.2016 Task Description

I have done a very quick bit of work to bring ldap (through active directory) authentication to flyspray for our implementation in the office. I hope it will be of use to others. There is a readme.txt inside talking through the process and the patch to apply. My plan is to expand on this and make it part of the setup process but this will take a bit longer.

1521Backend/CoreFeature RequestLowAssignees should be able to see and create reminders fo...Unconfirmed
22.11.200818.04.2009 Task Description

In version (unfortunately I couldn't select this version in the dropdown list on the left), reminders can only be created and edited by Admins and Project Managers. I recommend to give Assignees the permission to create reminders for themselves. To minimize any programming impact, his may be done as part of the "edit own tasks" permission.

This topic has been reported by Engie as part of Bug #713 for version 0.9.8 as well: "Also it would be useful if a user could create reminder for himself." Although that bug is already closed ("fixed in devel"), this part is not yet solved in the current version.

1529Backend/CoreBug ReportLowInactivity-close doesn't work, bug is left openMaybe
2.0207.01.200924.09.2015 Task Description

If you define an inactivity-close value in hours/days (haven't tried weeks) the bug is still open when the time expires.

1539Backend/CoreFeature RequestLowSitemap.xml GenerationUnconfirmed
2.12112.01.200911.03.2015 Task Description

I would like the feature to have a sitemap.xml file be generated, say every xx days, set in the configuration.

1612Backend/CoreFeature RequestLowAllow Comments by anonymous UsersUnconfirmed
2.02120.10.200917.01.2013 Task Description

I would love a option to allow anom users to write comments! Maybe with CAPCHA...
I allow anom users to report bugs, but when I have a question to this bug, or the reporter wants to make a additions, he has to register...

I tried hacking it in the core: In the class.user.php at the end of the get_perms method I added:
$this→perms[$proj_id]['add_comments'] = 1;

But I has nothing changed. The I removed the check if the user had the right to make a comment in the template file, now I have a comment field for everyone, but anom user get a error message saying, that they should enter a comment... I searched a lot in the core files, but I donĀ“t find the point where the comment a written in the database... I would a great help if you could give at least a hint :)

Another thing i tried was changing the user contructor, that every user with a negative ID get the ID 2, witch is a special "anom" user. But then you could not log out, a the admin not in...

Here the link to my site:

1720Backend/CoreFeature RequestLowBetter Access Control Lists and User / Group ManagementPlanned
1.1 devel301.05.201220.03.2015 Task Description

We need to have a better way to do user rights, group rights and manage users.

Here is what I am thinking, global administration can go to a ACL tab. Click on it and you have a simple way to add a new user / group. Two tabs on top are User Rights and Group Rights. These are global so each project will inherit the global setting for user / group.

Clicking on User Rights tab will lists users with a table to grant user rights. Specific to that user, it would be the same for group rights tab.

You can also search by a user name. This will make things faster to find that specific user.

Showing tasks 1 - 50 of 261 Page 1 of 61 - 2 - 3 - 4 - 5 - Last >>

Available keyboard shortcuts


Task Details

Task Editing