make a option in configuration file

me need set same $db1→set_charset(’utf8mb4’); for my MySQLi

have a problem with national letters

I see this error after i try enter national letters to the summary input text field for create new task

Query {UPDATE `flyspray_tasks` SET project_id = ?, task_type = ?, item_summary = ?, detailed_desc = ?, item_status = ?,
 mark_private = ?, product_category = ?, closedby_version = ?, operating_system = ?, task_severity = ?, task_priority = ?, 
last_edited_by = ?, last_edited_time = ?, due_date = ?, percent_complete = ?, product_version = ?, estimated_effort = ?
 WHERE task_id = ?} 
with params {1,1,тестовая задача,<p>sdfsdfdsfsd</p> ,2,0,4,0,1,2,4,1,1441344777,0,0,1,0,2} Failed!
(Incorrect string value: '\xD1\x82\xD0\xB5\xD1\x81...' for column 'item_summary' at row 1)

Spammers have found a way to bypass the block on user registration and cause entries to be inserted into the registrations table in the database. I have 30+ of them in there right now, all inserted within the last 2 days. I’ve had user registrations disabled for 2 weeks now because of an onslaught of spammers who won’t leave us alone. Flyspray has insufficient safeguards against them so when this happens I have little choice.

I don’t have any idea how, but these entries in the registrations table are resulting in emails being sent out to these accounts that are bouncing because the spammers are on domain blocklists for forging their DNS responses.

Something needs to be done about this, because if they can insert phantom entries into this database table via the code, what else could they be doing that we haven’t spotted yet?

At work, we would need to be able to do extractions from the list of regular Flyspray tasks. Have you the ability to integrate this functionality into the interface later.

• Use github releases for the release? peterdd: Yes, currently only source releases without 3rd party vendors.

The Flyspray 1.0alpha1 .zip file release unzips directly to the current directory.

.zip files from github unzip to it’s own directory (flyspray-master.zip unzips to flyspray-master/ ). This is a bit safer, because you cannot accidently mess your directory structure with it.

• The release should contain the binary fontawesome files instead of linking to the external CDN. Removes one dependency/singlepointoffailure. How this can be configured for automation? included in Flyspray source now.

• document how a release is exactly created. (consistency, reliability, automation, knowledge sharing for maintainers see below )

• Get in contact with os distributions, that could add Flyspray releases to their repositories (*BSD, Linux distributions, ..) This repositories could add the dependencies like ADODB within the packages (.rpm, .deb,..)

• Get in contact with web hosting providers who provide integreated 1-click installs of software for their web hossting customers.

• Get in contact with container builders (docker, ..)

Steps how to do a Flyspray release (since Flyspray 1.0 RC)

Quick anwser: enable swap partition on your server.

Tried upgrading a rc4-dev to rc5-dev/rc6/flyspray-master on a virtual server with 500MB RAM and php5.6.30 on the commandline (debian)

After file upgrade, I wanted also update the vendor stuff according to composer.json changes.

But surprisingly this failed:

php composer.phar update

and also after

php composer.phar selfupdate

to version Composer version 1.5.2 2017-09-11 the memory limit bug exists:

The following exception is caused by a lack of memory or swap, or not having swap configured
Check https://getcomposer.org/doc/articles/troubleshooting.md#proc-open-fork-failed-errors for details

PHP Warning:  proc_open(): fork failed - Cannot allocate memory in phar:///var/www/***/composer.phar/vendor/symfony/console/Application.php on line 979

Warning: proc_open(): fork failed - Cannot allocate memory in phar:///var/www/***/composer.phar/vendor/symfony/console/Application.php on line 979

  [ErrorException]
  proc_open(): fork failed - Cannot allocate memory

Also doing a more fresh vendor install like

rm composer.lock
rm vendor/*
(keeps the .htaccess there)
php composer.phar install

300 MB not enough for a handful of php package installations? wtf, but didn’t dig deeper..

I temporarly solved the problem by making a swap partition on this vServer like suggested at
https://getcomposer.org/doc/articles/troubleshooting.md#proc-open-fork-failed-errors

/bin/dd if=/dev/zero of=/var/swap.1 bs=1M count=1024
/sbin/mkswap /var/swap.1
chmod 600 /var/swap.1
/sbin/swapon /var/swap.1

free
             total       used       free     shared    buffers     cached
Mem:        506300     374920     131380      30628      21904     143872
-/+ buffers/cache:     209144     297156
Swap:      1048572          0    1048572

This is just documentation and is for the people who prefer a Flyspray development version from github.com

Full Flyspray release download files do not needs to fiddle with composer.

Maybe an entry for the FAQ

There is a wish on the Flyspray mailing list:

Is there a way of hiding the TAGS input field from the Add New Task form?

Alan

If it is just hiding on that form, there are several options to achieve this (from simple to complex)

A) Hide by CSS

#edit_tags{display:none;}

B) Hide by CSS (better)

#edit_tags{display:none;}

D) Edit themes/CleanFS/templates/newtask.tpl directly

E) Use a custom template

D) Nag or caress someone

I’ve tried inserting an image in the intro message but it doesn’t show. Is there something broken in the formattext.inc file? Seems unlikley because it’s so old but can’t work out why nothing shows.

Alan

I had to disable some parts last year within dokuwiki quickly due sever reported security issues in that area.

As tradeoff embedding images currently don’t work within dokuwiki textareas in Flyspray.

As I too wish that feature reappear working for my projects, this is on my personal list. But requires focused free time because must be made secure.

Maybe instead of using fetch.php of dokuwiki, we can use Flypsray’s ?getfile=id , which also checks permissions.
But must check also securly file types and maybe resize images to fit into the desired page (thumbnails).

Hello together,

in php >= 5.6.0 you get a notice if you dont use a salt param.
(see: http://php.net/manual/en/function.crypt.php)

we need to fix the else case in the function Flyspray::cryptPassword()

see the attached image for the error in the frontend.

My workplace is piloting Flyspray for an internal project and one feature that my boss was asking about was the ability to clone tasks and projects.

We have reoccurring simultaneous projects that contain a large number of testing tasks, and tasks dependent on other tasks, which makes starting up a new project very tedious. If it was possible to clone the contents of a task, or an entire project, we could create template tasks/projects that would really speed up the workflow.

There is a request for cloning a project on Flyspray mailing list:

Would be a very welcome features to have Project Templates for repetitive workflow. Any idea if its in the pipeline?

Thanks

Well, not yet.

The question is, how exactly you want that project clone.

Do you want just a rough copy of the project table entry?
Thats quite easy and can even be done without programming or writing a line of SQL just by using PHPMyAdmin (or similiar Tools for PostgreSQL) and copy a row of the project table for example.
See yellow marked project table on the right of the attached dbschema screenshot.

The other extreme is copying every project depending list table entries to new ones.
This sure requires some programming, but not too hard to add this to Flyspray. (all yellow marked tables in the attached dbschema screenshot.

I attach a rough form mockup how could this could look like.

Possible solution

The dokuwiki renderer automatic creates for each h(1-6) tag an html id attribute, but doesn’t ensure that this:

• is not used by Flyspray templates
• is unique across all tasks (tasklist summary/description mouseover!), id must be unique on a webpage.

Example: id=”footer” and id=”title” are used by the default CleanFS template for example.

footer

title

title

title

Possible solution

Hello,

Can you tell me which file to modify to increase the size of the attachments? Currently limited to 2mb. I would like to authorize 4mb

Thank you

Julia LECLERC

When saving the tag list at admin and project area, the ordering of the tags must be recalculated.

So it is not more legal to have a list ordering like (0,0,0,1,3,4,7)

That should be recalculated and stored as (1,2,3,4,5,6, 7) (or 0,1,2,3,4,5,6)
currently in file includes/modify.inc.php

Why?

Alternative

        /**
         * load all tags into array
         *
         * compared to listTags of class project, this preloads all tags in flyspray database
         * ideally maximal called once per http request, then using the array index for getting info
         *
         * @return array
         */
        public static function getAllTags()
        {
                global $db;
                $at=array();
                $res = $db->Query('SELECT tag_id,project_id,list_position,tag_name,class,show_in_list FROM {list_tag} ORDER BY list_position ASC');
                while ($t = $db->FetchRow($res)){
                        $at[$t['tag_id']]=array(
                                'project_id'=>$t['project_id'],
                                'list_position'=>$t['list_position'],
                                'tag_name'=>$t['tag_name'],
                                'class'=>$t['class'],
                                'show_in_list'=>$t['show_in_list']
                        );
                }
                return $at;
        }

function tpl_draw_cell($task, $colname, $format = "<td class='%s'>%s</td>") {
  global $fs, $db, $proj, $page, $user, $alltags;
...
  case 'summary':
...
    if($task['tagids']!=''){
                        # if global $alltags are yet undefined, preload the tags now.
                        if(!is_array($alltags)) {
                                $alltags=$fs->getAllTags();
...
 foreach($tagids as $tagid){
                                $tgs.='<i class="tag t'.$tagid
                                        .(isset($alltags[$tagid]['class']) ? ' ' .htmlspecialchars($alltags[$tagid]['class'], ENT_QUOTES, 'utf-8') : '').'" title="'.htmlspecialchars($alltags[$tagid]['tag_name'], ENT_QUOTES, 'utf-8').'"></i>';
                        }

See attachment.

Is there any “ready” SQL query file to delete all tasks and start again ? (without deleting projects, project settings, categories, task types, tags, task statuses etc...)

/index.php?do=admin&area=prefs

There’s a checkbox on this menu to toggle whether admins get notices for new user registrations or not. Ours is off, but I’m still getting those notices.

Correct or wrong code return false!

The results of Securimage Test Script on my server

This script will test your PHP installation to see if Securimage will run on your server.

Session Functionality: Yes!
GD Support: Yes!
GD Version: bundled (2.1.0 compatible)
imageftbbox function: Yes!
TTF Support (FreeType): Yes!
JPEG Support: Yes!
PNG Support: Yes!
GIF Read Support: Yes!
GIF Create Support: Yes!
SQLite Support: Yes!
SQLite is available. If you choose to use it, Securimage can support users who do not accept cookies.
MySQL Support: Yes!
MySQL is available. If you choose to use it, Securimage can support users who do not accept cookies by storing codes in MySQL.
PostgreSQL Support: No
No PostgreSQL support.
LAME MP3 Support: No
LAME was not found, audio will work in WAV format, but not MP3. See Securimage HTML5 audio documentation for info.
Your server meets the requirements for using Securimage!

on modify.inc.php line:754 got

if( !Post::isAlnum('captcha_code') || !$image->check(Post::val('captcha_code'))) {

if( true == false || false == false ) {

So, there would be great option if we can set permission to users to see and post only in specific opened projects in bug tracker.

Idea is, that user has all right to all projects, but in some cases we want that user can see only projects which is allowed and also to publish new tasks to only allowed projects.

In that case tasks overiew is locked and user must be logged in to see opened tasks.

Problem: https://github.com/Flyspray/flyspray/pull/552

The button ‘My assigned tasks’ should search only by userid, not in username or realname with the LIKE ‘%...%’ operator.

Currently the button is using the same as doing an advanced search filling the ‘Assigned To’ input field. (currently ‘dev’ param) But that search param searches in userid, username and realname.

There are several solutions possible:

• We do not use the dev-urlparam ?do=index&project=1&dev=123 that would list also assignees with username dude123 or dude123blabla. Instead use for instance ?do=index&project=1&mytasks or ?do=index&project=1&devid=123
• ...

Needs some planning, thinking to keep it simple/solid.

Hey peterdd,

I was wondering: is there a standard URL for “My tasks”? I have an internal website and I would like to create a menu with a few submenus (Add task and My tasks) that link to FlySpray. However if I place the URL for My Tasks (being logged in with my user account), and copy this link to the menu, all others that click the submenu My Tasks, are seeing the tasks that where opened by me or where I am assigned, not that user that is connected on Flyspray with his account on his PC.

So that’s why I am asking for a generic URL of My Tasks, so I can place it on this middle-site?

Thanks

Currently all attached files get renamed (like “screenshot331.png” → “attachments/14_72a4ca580abcdef69f60b1f”) and they could be downloaded only throught the php script (”/index.php?getfile=1234”) which requires that user must be logged in to view the file.
It is not very convenient when you need to show a file to some person who is on mobile phone at the moment or using not a work computer. Also sometimes you might need to share a file with anyone without having them to register at your bug tracker.

I suggest you to add a checkbox like “create a direct link” when uploading a file, which will save the file with original name and extension but adding some random generated prefix (like “screenshot331.png” → “attachments/14_72a4ca580abcdef69f60b1f.screenshot331.png”).

However this poses a high security risk so there should be a list of allowed file extensions (e.g. “jpg,png,txt,pdf,doc,zip”) - only these files could be saved with the original extension. This list should be accessible by the main administrator only, thus the safest option would be storing it inside the “flyspray.conf.php”.

I prepared Slovenian translation.
File is in attachment.
You can freely add to release.

If i set up a custom css in the main FS settings the style doesn’t get applied to all nested projects. I have to set the css to all projects explicitly to get the stylings work on all project pages.
Wouldn’t it be a good idea to first load the css set in the main dialog and after that load an additional css specified in the sub project? Then it would be possible to specify general stylings for all projects and project based stylings also.

Because the hr tag is allowed in the new html comment editor it should be also allowed to display it in the ticket description.
class.tpl.php:875 –> just add it here

• Flyspray 1.0 includes 1 default theme CleanFS. That decision was made to reduce maintainance effort and the old blue theme was dropped. Also the CleanFS contains UI-logic implemented in HTML/CSS and tries to be usable even for the people who turned off javascript in their web browsers for security reasons. (and reduces spam on many other websites too without an adblocker)

• Current Flyspray source and the theme CleanFS provides several methods to customize the layout without touching the .tpl files. These are:
  1. custom_*.css files that extend or overwrite properties of CleanFS/theme.css
  2. 2 fields in admin area where to put code

     ?do=admin&area=prefs#lookandfeel

     For instance a corporate footer menu or something like that.

• Latest change in Flyspray’s github master enables a fallback to default CleanFS .tpl files if the .tpl file doesn’t exists in another theme-folder. https://github.com/Flyspray/flyspray/commit/baca7c441dbde9644b6cad73b93296a3977bf999 . This enables something like ‘sub themes’ if the wanted customization cannot be achieved by editing a custom_*.css file or the 2 admin pref fields mentioned above.

• Peoples are encouraged to improve the default CleanFS theme by discussing on https://bugs.flyspray.org or submitting pull requests on https://github.com/Flyspray/flyspray , even it is harder at first. (discussion, should work for everybody, every configuration, ..)

Advantages of CleanFS instead running your own

Good Morning,

I have this message error when I want configure SMTP Server :
Completely unexpected exception: Connection could not be established with host 192.168.0.10 [Permission denied #13]
This should never happend, please inform Flyspray Developers

My flyspray installs on CentOS v7. Postfix installs on the server but I don’t configure anymore.

Can you help me please

Julia LECLERC

You cannot select the fields for export to csv. This means that the commentfield is always exported too. As this commentfield could contain quotes, comma’s etc (like people inserting copies of emails on an issue) it corrupts the output file and the file cannot be read by excel.

The register spam by probably bots in 2016 is annoying.

I ticked the setting, that an admin must accept a new registration. It helps to reduce spam task, but now admin must decide if the registrations are ok or just spam bots.

Beside the need of antispam-plugins, the management of users can be improved:

• column sorting of user list, similiar to the tasklist
• filtering user list, similiar to the tasklist
• pagination of user list (25,50,100,200,all?)
• more columns like ‘last login’, ‘last activity/tasks/comments created/votes/edit’ that may help to decide what status or settings a user should have in future.
• show time zone setting and language setting of users implemented in userlist now

• mass accept/deny of a list of user registrations waiting for admin approval.

There should be some help at the configuration sections for setting up jabber/xmpp notifications.

How someone can test it?

Must the admin setup his own jabber/xmpp server or are there recommended servers?

I registered with psi+ instant messager as peterdd@ubuntu-jabber.de at ubuntu-jabber.de for testing
and configured it here in my account too, but got no jabber messages.

Email notifications works and I set up both sending.

I understand this is likely due to some sort of XSS protection, but the delay doesn’t appear to be long enough to be useful for a lengthy comment to be posted. I’ve now lost two detailed comments in our tracker because the software threw everything out and generated a meaningless error.

Further, attempting to do the normal thing and making the browser resubmit the page results in Flyspray throwing “Error #3” something something repeated action and causing a redirect to the homepage.

Surely there has to be a better way to handle this that doesn’t incur data loss?

Sometimes the emailing fails for a while with the message:

Completely unexpected exception: Expected response code 250 but got code “550”, with message “550 Bad HELO - Host impersonating domain name [mysite.nl] "
This should never happend, please inform Flyspray Developers

It useually simply works so actually I don’t know if it’s a flyspray issue or a hosting issue...

Adding key support for each project instead of using the prefix FS#<task_id>

Let the administrator choose the key for project.

What’s a project key?
It prefixes each task in the project

Pretty minor, but seems to show up regularly enough in our logs. The line in question:

$outfile = str_replace(' ', '_', $tasks[0]['project_title']).'_'.date("Y-m-d").'.csv';

I can’t see an option to set the default view after login. It always defaults to tasklist view when it would be useful to show the overview by default on login.

if a pdf is attached with commentit needs either be forced as download or open target _blank

Since Update to Flyspray 1.0 Beta2 all users can see every task in every project.

The rights were set up correctly in Flyspray 1.0 Alpha and worked just fine.

At first I thought month names were controled by jscalendar. But after restoring functionality of jscalendar ( FS#2226 ) I realized that month names are probably a native feature of Flyspray.

So month names need translation. Moreover, in Greek there should be grammatical cases used. For example October in Greek is Οκτώβριος (nominative case). But when you say “October 2” in Greek is “2 Οκτωβρίου” (genitive case). So month translation would require at least two strings for each month.

The filename for the csv export is build based on project name and current date.

Due different handling of web browsers, the appropriate http header should send the filename in ascii and also provide them as utf-8 for web browsers who can handle that.

Related RFC5987

I setup the default page to “roadmap” for a project, logged out, and it’s not possible to access the base url anymore. I chased the bug throughoutt the code and it seems that:

index.php calls scripts/roadmap.php at line 200:

if (!defined('NO_DO')) {
    require_once(BASEDIR . "/scripts/$do.php");
} 

and:

in scripts/roadmap.php, lines 11-13 redirect to base url:

if (!$proj->id) {
    Flyspray::show_error(25);
}

Just a minor thing, but it’s showing up regularly in the server logs. The code in the affected area is this:

	# FIXME what if we move to different project, but tag(s) is/are defined for the old project only (not global)?
	# FIXME what if we move to different project and tag input field is deactivated/not shown in edit task page?
	#   - Create new tag(s) in target project if user has permission to create new tags but what with the users who have not the permission?
	# update tags
        $tagList = explode(';', Post::val('tags'));  
        $tagList = array_map('strip_tags', $tagList);
        $tagList = array_map('trim', $tagList);
        $tagList = array_unique($tagList); # avoid duplicates for inputs like: "tag1;tag1" or "tag1; tag1<p></p>"
        $tags_changed = count(array_diff($task['tags'], $tagList)) + count(array_diff($tagList, $task['tags']));

We have some private Tasks in our FS-bugtracker to hide them from normal reporters. But we also have some external beta-testers in a betatesters-group and they should be able to see (and check) the private tasks without giving them a project manager status. So it would be good, if there is a switch in the group option to give specific groups the right to see private tasks.

On the user page

/index.php?do=user&area=users&id=*
or
/index.php?do=user&area=users&id=*&project=1
or
/index.php?do=user&area=users&id=*&switch=1 (project switch select)

an info could be shown how many votes a user has given.

Maybe show the tasks on mouse hover (:hover) if permission to view them exists.

Needs to be considered:

• Show count only for current project or all projects? (project param is optional on user page)
• counts of hidden, closed or restricted projects (user permission)
• How to handle votes of private tasks?
• Show votes of closed tasks too? (votes on closed tasks should don’t count for max votes per project)
• When personal “max votes per project” (open tasks) is active, this is of more value.

For example, say I no longer want 1.1, 0.9.9.8, 1.0.0, etc. So want to merge them all into one version 1.0. Same goes for OS, and others

Maybe this is not an issue, but my problem is: upload images approximately 3000 px x 2000 px and this image appears larger than the monitor
is it possible that the image is automatically resized to 800 px x xxx px size

(reported by Ivan Cilic)

Steps:

- Attach an image to a task.
- It shows as a link in your task (cf. screenshot “Screenshot from 2016-01-29 18-34-31.png”).
- Click on the link.

Result: it opens a “popup” with the image displayed in it. If the image is big, the popup is just so huge the image is not visible without boring horizontal and vertical scrolling (see “Screenshot from 2016-01-30 15-07-26.png” which shows what I see when I click the image link on my task).
I can’t even right click to download from the menu since I see no “Save Image As” item. (see Screenshot-no-save-image-in-menu.png).

My workaround was that if I drag and drop the attachment link in the address bar, I finally get the expected image, which I can finally save as! This workaround was hard to find, and I expect most people will just get frustrated of being able to view an image attachment, yet not save it locally.

I proposes the following:
- a small “download” icon next to the image link in the task for direct download (without preview).
- a “download” link/icon on the top-left of the image display popup (to download while previewing).

And as a side feature (maybe I should make a separate report?), I suggest that by default the image display popup constrains the image to the screen size, with a “see real size” link, so that you don’t get the popup with huge scrolling when opening a big image on a smaller screen.

Note: of course this issue does not appear with non displayable attachment. If I have a zip or a document, it proposes me to download it directly.

...
symfony/event-dispatcher suggests installing symfony/dependency-injection ()
symfony/event-dispatcher suggests installing symfony/http-kernel ()
guzzle/guzzle suggests installing guzzlehttp/guzzle (Guzzle 5 has moved to a new package name. The package you have installed, Guzzle 3, is deprecated.)
Package guzzle/guzzle is abandoned, you should avoid using it. Use guzzlehttp/guzzle instead.

we should show the category tree in the task list.
in the task we show the tree.

e.g. “Parent → Sub” instead of “Sub”

E.g. actual version, dueVersion, ...

Edit by peterdd: Topic was discussed earlier on https://github.com/Flyspray/flyspray/issues/130 (edit:It seems Jordan turned “issues” on github.com off in favor of bugs.flyspray.org)

The feature still exists but it is turned off until finished in a secure way. The possibility of sub and parent tasks requires many checks.

I’m trying to upgrade from 0.9.9.7 to 1.0-rc4 but the Upgrader stops with this message:

Query {UPDATE "tasks" SET detailed_desc = ?WHERE task_id = ?} with params {,400} Failed! (ERROR: invalid byte sequence for encoding "UTF8": 0xc3 0x3c)

Ubuntu 14.04.5 LTS
PostgreSQL 9.3.10

Hello together,

it would be nice, if you could mention user in your ticket or comment which are not following the task.
for example when i will type @nickname, the user “nickname” should be get a e-mail that he is mentioned in the ticket.

(if we are “fancy” then we can print a automcomplete after the @-sign ist typed)