Flyspray - The bug killer!

This is the Bug Tracking System for the Flyspray project. This is not a demo!

2019-04-22: Flyspray 1.0-rc9 released See

ID Category Task Type Severity Summary Status Progress Assigned To Due In Version  desc Opened Last Edited
2188Backend/CoreBug ReportVery LowIt should not possible to relate a task to itselfNew
01.08.201601.08.2016 Task Description

Flyspray should show a warning, and maybe set the focus back to the field (only when it is a this-one-field-only-form.)

2193User InterfaceFeature RequestLowEdit a comment while seeing task details and other comm...New
07.08.201608.08.2016 Task Description

If someone with ‘edit comment’-permission wants to edit a comment, the edit comment form is shown on an extra page.

This is not optimal, because the editor cannot see task details or the other comments while modifying the comment.

Possible Solutions

  • with javascript is enabled: Stay on the ‘task detail’-page, just the comment changes from a ‘view’ layout to ‘edit’ layout, similiar to the quickedit-feature (like in FS1.0).
  • when javascript is disabled: The ‘edit comment’-page shows task details (check permissions) and other comments too, but maybe a bit narrow, so ‘visible focus’ is on editing the comment.
2215Text RenderingBug ReportLowwrong output of Geshi syntax highlighting for xml codeNew
117.10.201631.12.2017 Task Description

Geshi from is quite slow at the current integration of Flyspray v1.0-rc3 on the first run. (But any further read uses the cache.)

But it produces garbled output for xml code highlighting:

Example without xml, just format as preformatted code:


Or as php syntax highlighting (even if it doesn’t contain a real php-tag ;-) ):


Example with xml choosen as language:


The table tag is stripped away instead of converting the tag for output inside code/pre tags (by converting the < and > chars). Maybe just a configuration issue?

2308User InterfaceFeature RequestLowimprove user management for adminsNew
127.10.201613.02.2017 Task Description

The register spam by probably bots in 2016 is annoying.

I ticked the setting, that an admin must accept a new registration. It helps to reduce spam task, but now admin must decide if the registrations are ok or just spam bots.

Beside the need of antispam-plugins, the management of users can be improved:

  • column sorting of user list, similiar to the tasklist
  • filtering user list, similiar to the tasklist
  • pagination of user list (25,50,100,200,all?)
  • more columns like ‘last login’, ‘last activity/tasks/comments created/votes/edit’ that may help to decide what status or settings a user should have in future.
  • show time zone setting and language setting of users implemented in userlist now
  • mass accept/deny of a list of user registrations waiting for admin approval.
2322User InterfaceFeature RequestMediumMention SystemNew
7107.12.201619.10.2019 Task Description

Hello together,

it would be nice, if you could mention user in your ticket or comment which are not following the task.
for example when i will type @nickname, the user “nickname” should be get a e-mail that he is mentioned in the ticket.

(if we are “fancy” then we can print a automcomplete after the @-sign ist typed)

2325User InterfaceFeature RequestLowbig image attachments: fit to browser window width in L...New
310.01.201711.01.2017 Task Description

Maybe this is not an issue, but my problem is: upload images approximately 3000 px x 2000 px and this image appears larger than the monitor
is it possible that the image is automatically resized to 800 px x xxx px size

(reported by Ivan Cilic)

2332Backend/CoreBug ReportMediumCSV export filename filteringNew
224.01.201724.01.2017 Task Description

The filename for the csv export is build based on project name and current date.

Due different handling of web browsers, the appropriate http header should send the filename in ascii and also provide them as utf-8 for web browsers who can handle that.

Related RFC5987

2337DocumentationInformationLowFlyspray ThemesNew
402.02.201716.02.2017 Task Description
  • Flyspray 1.0 includes 1 default theme CleanFS. That decision was made to reduce maintainance effort and the old blue theme was dropped. Also the CleanFS contains UI-logic implemented in HTML/CSS and tries to be usable even for the people who turned off javascript in their web browsers for security reasons. (and reduces spam on many other websites too without an adblocker)
  • Current Flyspray source and the theme CleanFS provides several methods to customize the layout without touching the .tpl files. These are:
    1. custom_*.css files that extend or overwrite properties of CleanFS/theme.css
    2. 2 fields in admin area where to put code

      For instance a corporate footer menu or something like that.

Advantages of CleanFS instead running your own

  • Theme is maintained with Flyspray source. Detected security issues related with themes are fixed with Flyspray releases.
  • Added features or capabilities are implemented for the default theme.

‘Subtheme’ can be a compromise: Theme CleanFS is always uptodate in sync with Flyspray. Subthemer only needs to check changes required for own subtheme .tpl files.

I do not want complete stop people from writing their whole new template, it allows new ideas implemented or alternative usability. For them, it is probably better to create a Github project for that theme.

This is just raw info from me and can be discussed. Something should be finally written on in the documentation area.

2436Backend/CoreBug ReportLowdokuwiki renderer creates nonunique html-id for h1,h2,h...New
202.08.201702.08.2017 Task Description

The dokuwiki renderer automatic creates for each h(1-6) tag an html id attribute, but doesn’t ensure that this:

  • is not used by Flyspray templates
  • is unique across all tasks (tasklist summary/description mouseover!), id must be unique on a webpage.

Example: id=”footer” and id=”title” are used by the default CleanFS template for example.








The original intention I think is to make dokuwiki content each h-section linkable, for instance by a “table of contents” at top of a wiki content page.
This is currently not used by the dokuwiki integrated in Flyspray, but could be in future.

Possible solution

Add the task_id to the generated id h(1-6) tags, for instance “d1234_footer” “d1234_title”

d - like description

(t1234 used for tags/labels id currently)

2439Backend/CoreFeature RequestLowClone a ProjectNew
15.09.201715.09.2017 Task Description

There is a request for cloning a project on Flyspray mailing list:

Would be a very welcome features to have Project Templates for repetitive workflow. Any idea if its in the pipeline?

Well, not yet.

The question is, how exactly you want that project clone.

Do you want just a rough copy of the project table entry?
Thats quite easy and can even be done without programming or writing a line of SQL just by using PHPMyAdmin (or similiar Tools for PostgreSQL) and copy a row of the project table for example.
See yellow marked project table on the right of the attached dbschema screenshot.

The other extreme is copying every project depending list table entries to new ones.
This sure requires some programming, but not too hard to add this to Flyspray. (all yellow marked tables in the attached dbschema screenshot.

I attach a rough form mockup how could this could look like.

Possible solution

  1. add a new file scripts/ folder for instance copyproject.php (check admin permission)
  2. add a template file to themes/CleanFS/templates/copyproject.tpl
  3. Set a link to that clone form page somewhere, for example on the toplevel page of a project (see screenshot)
  4. Handle the adminuser (or add a clonepermission for that project manager usergroup) submitted form careful and savely either by includes/ (or like scripts/copyproject.php to keep it seperate from core)

The link to the clone form looks then ?project=123&do=copyproject

2440Backend/CoreFeature RequestLowOption to disable tag featureNew
15.09.201715.09.2017 Task Description

There is a wish on the Flyspray mailing list:

Is there a way of hiding the TAGS input field from the Add New Task form?

If it is just hiding on that form, there are several options to achieve this (from simple to complex)

A) Hide by CSS

Add that rule to themes/CleanFS/theme.css CSS file:


B) Hide by CSS (better)

Add a rule to a custom_*.css, for instance themes/CleanFS/custom_mytheme.css


and choose custom_mytheme.css in your project settings.

D) Edit themes/CleanFS/templates/newtask.tpl directly

and remove the whole div-tag with id=”edit_tags” (all between ‘<div id=”edit_tags>”’ and its closing ‘</div>’ (not recommended)

E) Use a custom template

  1. Create a folder in themes/, for instances themes/mynotagtheme/
  2. Only copy themes/CleanFS/templates/newtask.tpl to themes/mynotagtheme/templates/newtask.tpl
  3. Make the changes to that newtask.tpl like in B) (custom theme not overwritten by Flyspray Updates if you keep or backup your themes/mynotagtheme/ folders, but requires review if something has changed within themes/CleanFS/templates/newtask.tpl between version updates)
  4. Choose your mynotagtheme as project theme. All other files fall back to default themes/CleanFS/

(not tested, but thats the way it should work with current Flyspray 1.0-rc5)

D) Nag or caress someone

to finish tag feature for Flyspray with options/permissions to turn it off per project or project group or something like that.

This would effect not only that newtask form but all places where that options should kick in (listing tags in tasklist, tasklist filters etc)

2441Backend/CoreBug ReportMediumrefactor dokuwiki image tagsNew
15.09.201715.09.2017 Task Description
I’ve tried inserting an image in the intro message but it doesn’t show. Is there something broken in the file? Seems unlikley because it’s so old but can’t work out why nothing shows.

I had to disable some parts last year within dokuwiki quickly due sever reported security issues in that area.

As tradeoff embedding images currently don’t work within dokuwiki textareas in Flyspray.

As I too wish that feature reappear working for my projects, this is on my personal list. But requires focused free time because must be made secure.

Maybe instead of using fetch.php of dokuwiki, we can use Flypsray’s ?getfile=id , which also checks permissions.
But must check also securly file types and maybe resize images to fit into the desired page (thumbnails).

2444Installer and UpgraderInformationLowcomposer hits memory limitsNew
04.10.201704.10.2017 Task Description

Quick anwser: enable swap partition on your server.

Tried upgrading a rc4-dev to rc5-dev/rc6/flyspray-master on a virtual server with 500MB RAM and php5.6.30 on the commandline (debian)

After file upgrade, I wanted also update the vendor stuff according to composer.json changes.

But surprisingly this failed:

php composer.phar update

and also after

php composer.phar selfupdate

to version Composer version 1.5.2 2017-09-11 the memory limit bug exists:

The following exception is caused by a lack of memory or swap, or not having swap configured
Check for details

PHP Warning:  proc_open(): fork failed - Cannot allocate memory in phar:///var/www/***/composer.phar/vendor/symfony/console/Application.php on line 979

Warning: proc_open(): fork failed - Cannot allocate memory in phar:///var/www/***/composer.phar/vendor/symfony/console/Application.php on line 979

  proc_open(): fork failed - Cannot allocate memory

Also doing a more fresh vendor install like

rm composer.lock
rm vendor/*
(keeps the .htaccess there)
php composer.phar install

300 MB not enough for a handful of php package installations? wtf, but didn’t dig deeper..

I temporarly solved the problem by making a swap partition on this vServer like suggested at

/bin/dd if=/dev/zero of=/var/swap.1 bs=1M count=1024
/sbin/mkswap /var/swap.1
chmod 600 /var/swap.1
/sbin/swapon /var/swap.1
             total       used       free     shared    buffers     cached
Mem:        506300     374920     131380      30628      21904     143872
-/+ buffers/cache:     209144     297156
Swap:      1048572          0    1048572

This is just documentation and is for the people who prefer a Flyspray development version from

Full Flyspray release download files do not needs to fiddle with composer.

Maybe an entry for the FAQ

2454Backend/CoreBug ReportLowPHP warning in admin edit user areaNew
15.01.201815.01.2018 Task Description

Since PHP7.2 shows a warning in admin area ?do=admin&area=users&user_id=1234567890, when user_id is set, but no alternative user_name parameter.

Probably related to scripts/admin.php

$id = Flyspray::UserNameToId(Req::val('user_name'));
if (!$id) {
  $id = Req::val('user_id');
2531TranslationsFeature RequestLowdetect usage of translation keywordsNew
110.01.201919.03.2019 Task Description

Some translation keywords of Flyspray are used at more than one code location.

To help translators doing the correct translations, it would help to show in what context a translation keyword is used.
Especially when a keyword is used more than once.

As we have our own translation helper integrated into Flyspray, we could show a ‘translation keyword usage counter’ there and maybe show on request in which file
a translation keyword is used.

It would also help to identify ‘abandoned’ translation keywords that are not used anymore by Flyspray source.

Also it would help to identify when a translation is used at more than one location with maybe different context.

I think we can use a regular expression and scan the whole Flyspray source for that.
(and maybe database entries if there are places that have translation keywords stored - I don’t think so, but better check that too first than forget that case)

The regular expression should match that examples case insensitive for the translation keyword report:


but also ugly cases like
l(    'report'
El ( "report"

case insensitive.

But not for example

2535Backend/CoreFeature RequestLownew optional Flyspray setting: add new users automatica...New
216.01.201921.01.2019 Task Description

When a Flyspray installation allows user self registration and has public but also more private projects, this feature could make the required configuration more clear:

In this case, keep the number of global user groups as low as possible and the global user group for basic or just registered users has only the ‘can login’ permission and nothing more.
Because that only would be useless for new registered users, adding them also to a basic user group of a public project could be useful.

So my suggestion is:

A new optional global setting: Something like ‘default project user group’ (store 2 values: a project_id and a group_id). Validity of that setting must be checked during any user registration, so that project must exists now and at later time as also that project user group within that project. (’Checks’ of admin prefs)

So it would be like this for a new registered userA:

  1. userA is in a basic default global user group: only login permission to handle his account registration (login, logout, user preferences, password forgotten)
  2. userA is in project X default user group: some basic permissions you want allow for every (new) registered user in project X
  3. project Y: all ‘allow anyone ...’-settings are unchecked, userA not in any user group of project Y

The setting is probably best put below the ‘Default global group for new users’ setting in the global admin prefs tab #userregistration as

Either: A dropdown list with all public projects with an existing user group and dependend on the selection the available basic project groups are loaded by ajax as a select list too.

Or: Only one dropdown list that contains a list of public projects with possible project user groups. Would not require extra ajax calls and is maybe enough because we could exclude project groups that have project manager permission or such configuration nobody would allow new registered users.

no default project user group
public projectA - simple user groupA1
public projectA - simple user groupA2
public projectB - simple user groupB
public projectC - simple user groupC

This idea could be enhanced further (put the new user to multiple public projects when he registers or let user choose from public allowed projects during registration process), but lets start simple.

2536Backend/CoreFeature RequestMediumstore session in Flyspray databaseNew
221.01.201915.03.2019 Task Description

Currently the sessions are stored by the webservers default settings.

Having this sessions under control by Flyspray by storing it in the database has following advantages:

  1. Allows handling of all sessions of a user by Flyspray.
  2. Providing a session management for each user. The user can see on which devices he is currently logged in and could also force a logout on selective devices.
  3. A forced logoff of all or some user sessions is easy implementable for admins.
  4. Statistics about how many users and who is logged in. (user status: hide always, online, offline, do not disturb, ..)
  5. Could make onpage-notifications easier to implement.
  6. .. ?


  1. A potential unknown security bug in Flyspray that could lead to reading a session db table could leak informations like who is currently online/active and make further attacks more focused or makes session takeover easier.
  2. .. ?
2548User InterfaceFeature RequestLowCSS grid layout for task details page typeNew
05.05.201905.05.2019 Task Description

Layouts from 320 pixel mobile portrait, tablet sizes and up to 4k monitor landscape mode using

@media queries

Mockups required not only for different sizes, but also different project configurations, user permissions, and task relations.

Should look ok whatever project configuration is done or how weird a task description is.

On wider screens the comments could be beside the task description for instance.
Or some tabs or menus could be shown directly instead of grouping in the tabs.

2553User InterfaceTODOLowintelligent accesskey shortcut helper dependent of OS, ...New
106.06.201929.07.2019 Task Description

The HTML accesskey attribute feature is differently accessible dependent of operating system, web browser and web browser configuration, and users keyboard layout and user language.

By taking advantage of the User-Agent HTTP header value provided by default by web browsers, Flyspray could better know of what kind of keyboard and browser the user sits in front off and show the key combinations for the accesskey feature that best fits the users environment.

2554User InterfaceTODOLowkeyboard shortcuts help box should adapt to current pag...New
06.06.201906.06.2019 Task Description

The shortcuts help infobox should adapt to the current page type.

So when in editing a task for instance, the n (next task) and p (previous task) shortcuts are not available for a good reason. Listing them there with same priority as other keys then is not helpful.

The simpliest solution is probably putting some if-statements depending on the $do variable into CleanFS/templates/shortcuts.tpl ..

2559Backend/CoreBug ReportLowa duplicate close accepted even when missing comment/ r...New
peterdd29.07.201929.07.2019 Task Description

Closing a task with selected close reason duplicate should warn when there is no comment or FS # id is given in the close comment text field.

The task is closed as duplicate without any further notice. The information to which task it is duplicate or a description (if the problem is logged/handled outside Flyspray) is lost.

Possible solutions

Frontend hints

  • variant F1 (soft): When duplicate as close reason is selected, a placeholder attribute in the close comment text field could be shown/updated. (maybe as ‘css only’ possible)
  • variant F2 (harder): Deny sending the form if duplicate selected, but comment text field is empty. and shows warning info. (javascript required, nojs browsers still send form.)
  • variant F3 (hard): Deny sending the form if duplicate selected and no task id detected in comment text field. and shows warning info. (javascript required)

Backend deny

  • variant B1 (soft): When request wants close a task with duplicate reason and (cleaned) comment string is empty, deny closing the task and give feedback to user why it was denied.
  • variant B2 (hard): It requires detecting a task id in the comment field and the first detected task id is taken for referencing as ‘is duplicate of’. Limitation of this is that the duplicate could be also a ticket or something of a complete other system.
2560Backend/CoreBug ReportLowdo not allow close task with reason duplicate referenci...New
peterdd29.07.201929.07.2019 Task Description

So closing a task



reason: duplicate

and close comment


referencing to self should be detected to avoid such user mistakes.

2572User InterfaceTODOLowadd link attributes ugc and nofollow to user generated ...New
13.09.201913.09.2019 Task Description

no task description

2573Backend/CoreTODOLowadd rel nofollow,ugc,.. settingsNew
peterdd114.09.201915.09.2019 Task Description
  1. Find a good configuration name just reuse relnofollow as used by dokuwiki
  2. Find a good translation keyword for that config relnofollow
  3. Find a good translation keyword for config description (title attribute)

Goes into prefs table as it is sitewide configuration.

As first implementation a simple checkbox should be ok. Should be on the tab with other spam handling stuff like captcha configuration.

Is enabled by default (1).
Adapt setup xml files, upgrade procedure.

2575Backend/CoreFeature RequestLowability to view and reset Flyspray default settingsNew
19.09.201919.09.2019 Task Description


Over the years the count of possible Flyspray configuration options has grown. Meanwhile there are ~60 global Flyspray settings stored in the prefs database table in contrast to only 14 entries of the 0.9.7 (not!) version from around 2005. But each configuration setting might add a little to the feeling of overwhelming when there are too much switches, buttons, checkboxes and probability of a misconfiguration raises due misunderstood or overseen settings.

But Flyspray still aims to be easy to use and work with while being accurate and customizable.


Having a way to view the description and default value of each option would probably give people administrating a Flyspray installation a better understanding of each setting and confidence in making good decisions for their use case.

With the flyspray-install.xml file within the setup folder we yet have an elegant solution that is waiting to unlock its power!

Unfortunately the setup/ folder requires (until now at least) to be removed after install or upgrade. So we need a way to keep the flyspray-install.xml of the installed version. A trivial way would be to copy it to the include/ directory after any install or upgrade, but also other solutions could be.

Keeping the flyspray-install.xml could making following features easier:

  • Reading default value of prefs setting. That could be shown for example as css title attribute /tooltip for each setting in the matching admin forms.
  • Reading default value and field description of any table field using the descr feature of ADOdb xmlschema03.
  • Comparing the real database structure with the table structures in flyspray-install.xml . This could be useful if someone extended or fiddled with database/tables to compare with official Flyspray releases. Or for developers to compare if an database upgrade went well and as intended.
  • Having the description of a setting or database field contained within the flyspray-install.xml is good at one place and the information is not spread around like in an external manual/wiki that maybe get unmaintained, not in sync with the application or get even lost over the years.
  • Using the xml format makes a migration easier (in a broader context, to Flyspray or away from Flyspray)
  • Using the descr tag could be used to hold information which field(s) of a database table is/are foreign key field(s) pointing to primary key field(s) of another table, even if ADODB xmlschema03 does not support it yet. Would generating database schema diagram directly from flyspray-install.xml possible. (instead of manually painting it that gets outdated when structure changes)

Things to take care:

  • ADOdb and xmlschema03 does not handle table comments and field comments yet. The descr tag so is there only used when looking into the .xml file, but it does not appear in the real database schema. To make this happen, there is a good portion of contribution to the ADOdB project required (making pull request, but also get them reviewed, tested, accepted and released with a ADOdb stable release)
  • ADOdb xmlschema03 does not define or handle foreign key constraints. Adding that would require a substantial amount of constribution to get it working reliable for all supported databases that could use foreign key constraints.
  • limits of table comment length, field comment length depend on database type and database version
2577User InterfaceFeature RequestVery Lowdistinguish between anonymous reporter and deleted userNew
2581User InterfaceFeature RequestLowreplace bitmap icons of default themeNew
2585User InterfaceTODOMediumUpgrade CKEditor to 4.13New
2606Database QueriesFeature RequestLowduedate column sort asc in tasklist should put unset du...New
2316Backend/CoreBug ReportLow"wrongtoken" is displayed if the comment box is left si...Assigned
2601Public RelationsFeature RequestMediumhttp -> https missing redirection (19-04-09)Assigned
Florian SchmitzCristian Rodríguez R.221.04.202002.05.2020
1856Backend/CoreBug ReportMediumWrong timezonesResearching
1957User InterfaceFeature RequestLowautomatic temporary storing while writing/editing taskResearching
2119Backend/CoreBug ReportMediumfunction filter_input not always availableResearching
2190Backend/CoreFeature RequestLowenable move of a closed clask to other project without ...Researching
2522Backend/CoreFeature RequestLowemail vs username login issuesResearching
1844TranslationsFeature RequestLowCzech translateWaiting on Customer
2496EmailBug ReportLowNotification Mail - Link to the task invalid when quick...Waiting on Customer
2596EmailBug ReportLowInvalid link in notification HTML part of eMailWaiting on Customer
2602DocumentationFeature RequestLow instead of https:/...Waiting on Customer
2603Backend/CoreBug ReportVery Low Psi XMPP client (19-04-09)Waiting on Customer
2303User InterfaceFeature RequestVery LowHome screen for private flyspraysRequires testing
2318Installer and UpgraderBug ReportLowsyntax_plugin required when selected ckeditor in SetupRequires testing
1791Backend/CoreFeature RequestMediumAbility to merge version, OS, etcSuspended
2122Backend/CoreBug ReportMediumopen_basedir restrictions for FS_CACHE_DIR not respecte...Suspended
2208Backend/CoreInformationLowSeverity "medium" by defaultSuspended
2111Installer and UpgraderBug ReportMediumUpon trying to install flyspray release, setup says I'm...Planned
2134Backend/CoreBug ReportHighCannot assign a task to other projectPlanned
2014Database QueriesFeature RequestVery LowAdd MS SQL Server as database backendMaybe
2064NotificationsFeature RequestLowDeadline Alert - so Flyspray can send notifications som...Maybe
Showing tasks 251 - 300 of 316 Page 6 of 7

Available keyboard shortcuts


Task Details

Task Editing