Flyspray - The bug killer!

After I upgraded to version 1.0 (the upgrade was successful), flyspray only shows a white page (and the source in firefox shows, that the page is completely white).

Please help us finding the roots of these bugs!

Please report what you were exactly doing before this happend, report us your steps made, the used php version, used OS version, and such information.

Summary of TODO I found on the net:

• There is a very old project site of flyspray on sf.net . The info there should be updated or removed.

• Update info and keep an eye on http://alternativeto.net/software/flyspray/ from time to time.

• Keep an eye and update Flyspray info on wikipedia for example:
  • http://en.wikipedia.org/wiki/Bug_tracking_system
  • http://en.wikipedia.org/wiki/Comparison_of_issue-tracking_systems
  • http://en.wikipedia.org/wiki/Comparison_of_project_management_software
  • http://en.wikipedia.org/wiki/Comparison_of_help_desk_issue_tracking_software
  • http://de.wikipedia.org/wiki/Issue-Tracking-System

make a option in configuration file

me need set same $db1→set_charset(’utf8mb4’); for my MySQLi

have a problem with national letters

I see this error after i try enter national letters to the summary input text field for create new task

Query {UPDATE `flyspray_tasks` SET project_id = ?, task_type = ?, item_summary = ?, detailed_desc = ?, item_status = ?,
 mark_private = ?, product_category = ?, closedby_version = ?, operating_system = ?, task_severity = ?, task_priority = ?, 
last_edited_by = ?, last_edited_time = ?, due_date = ?, percent_complete = ?, product_version = ?, estimated_effort = ?
 WHERE task_id = ?} 
with params {1,1,тестовая задача,<p>sdfsdfdsfsd</p> ,2,0,4,0,1,2,4,1,1441344777,0,0,1,0,2} Failed!
(Incorrect string value: '\xD1\x82\xD0\xB5\xD1\x81...' for column 'item_summary' at row 1)

danoh on github wants to work on patch. Couldn’t find him here..

Since Update to Flyspray 1.0 Beta2 all users can see every task in every project.

The rights were set up correctly in Flyspray 1.0 Alpha and worked just fine.

I upgraded from 0.9.9 to 1.0-beta2 a few hours ago. I received an error about oauth during the upgrade (didn’t think to take a screenshot). In any case, the upgrade otherwise seemed to go smoothly. When I subsequently closed a few tasks people who weren’t assigned to receive notifications for those tasks, even old consultants whose account I had disabled years ago, received the email notification. I also received lots of bounced emails from accounts whose email addresses were no longer existant.

Has anyone else experienced this? I’ve gone into the database and null’d out the email addresses of old accounts to prevent further spam. Not only did it notify everyone who had an account (active or disabled) but it put their email address in the To: field for all to see.

Moving task to another project seems to require fields updated to target project options. This operation is not possible on the task category field and possibly others. Attempting to submit changes gives error:

“Oh, there are some incompatible properties set that must be resolved before moving this task to a different project.”

However, you cannot select a new value (from the target list) for the properties in question.

“Oh, there are some incompatible properties set that must be resolved before moving this task to a different project.”

Oh, but I am not moving the task to a different project. Just trying to edit my own submission.

“Edit this task” → “Save details”

See attached screen capture.

Flyspray does not recover the time set in php.ini. On display, the system has two hour delay.

Fatal error: Class 'League\OAuth2\Client\Provider\Github' not found in /html/bugs/includes/GithubProvider.php on line 11

I have downloaded this:
Precompiled with 3rd party libs for PHP5.6: flyspray-1.0-rc1_php56.tgz
and the file seems really dont exist.

I tried to upgrade from 0.9.9.7 to 1-0-rc1 but I end in an infinite redirection loop

I tried to use the github version, to change the domain name (hosted in dreamhost), to use/not-use the .htaccess, upgraded the version of php from 5.5 to 5.6, to change all the settings in the flyspray.conf.php file, but still having the error after to perform the Upgrade task and removing the setup dir

Used the prepacked dependencies since i cannot install them in this server

Thanks
Thanatermesis

When a anonymous user tries to display a ticket of a non public project (for example by entering a random ticket id), Flyspray exposes the title of the non public project in the header bar.

Edit by peterdd: also applies to project description

I’m trying to upgrade from 0.9.9.7 to 1.0-rc4 but the Upgrader stops with this message:

Query {UPDATE "tasks" SET detailed_desc = ?WHERE task_id = ?} with params {,400} Failed! (ERROR: invalid byte sequence for encoding "UTF8": 0xc3 0x3c)

Ubuntu 14.04.5 LTS
PostgreSQL 9.3.10

Correct or wrong code return false!

The results of Securimage Test Script on my server

This script will test your PHP installation to see if Securimage will run on your server.

Session Functionality: Yes!
GD Support: Yes!
GD Version: bundled (2.1.0 compatible)
imageftbbox function: Yes!
TTF Support (FreeType): Yes!
JPEG Support: Yes!
PNG Support: Yes!
GIF Read Support: Yes!
GIF Create Support: Yes!
SQLite Support: Yes!
SQLite is available. If you choose to use it, Securimage can support users who do not accept cookies.
MySQL Support: Yes!
MySQL is available. If you choose to use it, Securimage can support users who do not accept cookies by storing codes in MySQL.
PostgreSQL Support: No
No PostgreSQL support.
LAME MP3 Support: No
LAME was not found, audio will work in WAV format, but not MP3. See Securimage HTML5 audio documentation for info.
Your server meets the requirements for using Securimage!

on modify.inc.php line:754 got

if( !Post::isAlnum('captcha_code') || !$image->check(Post::val('captcha_code'))) {

if( true == false || false == false ) {

After updating from “1.0-rc6” to “1.0-rc7 dev” there is missing controls menu on writer. Look attachment.
How to solve this?

Is there any settings to enable this or I’m missing something...

The issue with many servers now and the reason that recaptcha does not work is because it requires servers to enable allow_url_fopen which is a huge security risk. That is why you get the warning message when you try to run recaptcha that file_get_contents failed to connect.

So the solution is to use Curl to do that job.

Here is the fixed file, excuse my mess i had not cleaned up my code yet... but recaptcha now works.

this file goes in the includes dir... you can clean up the file if you like again sorry about that.

Official release

Steps done to create the problem:
Insert correct (tested with gmail) data into the notification tab and click on “Test”

SSL and TLS are checked.

Expected behavior:
Send test email and confirm it.

Experienced behavior:
Following error message

Error message:
Warning: stream_socket_enable_crypto(): Peer certificate CN=`*.netcup.net’ did not match expected CN=`mail*.netcup.net’ in /var/www/vhosts/.netcup.net/httpdocs/**/flyspray/vendor/swiftmailer/swiftmailer/lib/classes/Swift/Transport/StreamBuffer.php on line 103 Completely unexpected exception: Unable to connect with TLS encryption
This should never happend, please inform Flyspray Developers

The application installer needs an overhaul, all strict notices fixed and the associated dependant tasks resolved.

Hi,

I can’t see the Editor when I make new task. Also when I editing a exciting task.

See nothing to put any HTML code in it. Can you help me!?

I use this version: Flyspray 0.9.9.7

Today it was first time I see real spam on bugs.flyspray.org

The 2 spam accounts registered today and started creating spam posts as new tasks.

What is the reason? Was it by real humans or bots?

So what can we do to reduce this in future?

Ideas for making it harder and unattractive for spammers:

• Users who never opened a nonspam-task or contributed a useful comment should solve a captcha
• Limit the amount of creating tasks for new registered users or a user groups, like limiting to 2 tasks or 1 task per user per day.
• Settings for a more moderated task creation process? Like a quarantine dbtable for tasks?

• If we closed such spam tasks with WTF? reason, it will still be listed by search engines like google at the moment:

1. Move spam tasks to a ‘dumpster project’, that is not visible for guests (search engines!) too.
2. Or make spamming to visible flyspray projects unattractive, lets set noindex for: closed task for some special reason id?
3. Delete spam tasks from database if allowed by your organization

Update: another and this time more aggressive phone number spammer.

Hello,
when selecting timezone in user profile, it only offers offset based timezones. It should offer timezones like "Europe/Prague", instead, because in summer it is UTC+2 and in the winter UTC+1. Also UTC is the same as GMT.

Using offsets will cause invalid future and past times when crossing daylight saving or when something other changes.

Adding daylight checkbox is not enough and will cause additional troubles. Just use names and store them as ENUM in database, not offset. This problem is pretty complicated and the only solution is to use names and let libraries to solve it for you.

Thank you.

When some url to a bug is redirected to the login page, because the user does not have the right to see the bug without login, the user should be redirected after the login to the url he wanted to see.

Maybe redirect to /login/?next=/task/X and put the next-url in a hidden field in the login-form, so flyspray can redirect to the correct page after login.
Even preserving anchor-urls (#comment-YYYY) would be cool, but i guess this needs Javascript to work.

Hello,

First of all, thanks for this great tool, very user friendly.
I'm informing you as requested ("This should never happend, please inform Flyspray Developers" :)) because I'm getting this error message:

[Completely unexpected exception: Connection could not be established with host http://ssl0.ovh.net/ [php_network_getaddresses: getaddrinfo failed: Name or service not known #0]
This should never happend, please inform Flyspray Developers]

I set up the SMTP configuration (SSL) with information provided.

Enclosed in PHPinfo configuration, if it helps.

Thanks

It seem that when deleting a version entry in a project, that tasks that have this version assigned are still connected to this deleted version. For example FS#1222 (on 2015-03-09).

There are several options to solve such things:

• Deny deletion of version as long as tasks assigned to this project version.
  • Either by doing a testing SQL query to check this case coded in PHP. Take care to keep this centralized, must also be respected by an eventually later added Flyspray API (XMLRPC or whatever).
  • add SQL foreign key constraints with ON DELETE RESTRICT
    • Pro: some business logic can be directly enforced by SQL.
    • Cons: higher requirements for hosting, if using mysql innodb tables must be available on the hosting

• Move the tasks of this version to a default fallback version before deleting the version tag.
  • Either doing one transaction doing : 1. move the tasks to its fallback version, 2. delete the version
  • add SQL foreing key constraint with ON DELETE SET $fallbackversionid. Some pros & cons like on the the denying option.

The same for other assignments for tasks.

This issue is similiar to the massop issue: (https://github.com/Flyspray/flyspray/issues/130)

The installer requests a password for the admin account, and provides a default one.

Because this field is not type=”password”, the browser caches this data for any field named “admin_password”

This also applies to future installations of the software.

I have marked this as critical as this can pose a security hazard. A different implementation would be allowing entry of password, or in the case of wanting to provide a default one, have two password fields prepopulated, and a text one prepopulated so that it can be viewed by the end user.

I see php deprecation notices with php 5.6+ from the geshi syntax highlighter plugin of dokuwiki plugin sometimes. (seems to be go away on the second view, so probably not seen on cached views)

It can't be found easy with

grep -r preg_replace | grep '/e'

Because the preg_replace modifiers are added dynamic depending on the target programming language. At least in the version we have in flyspray.

public static function absoluteURI($url = null, $protocol = null, $port = null)
in
class Flyspray

not using basedir and force_basedir from configuration file

its problem because my web-server inside have port 7777 and outside 80 (nginx and PHP-FPM)

please fix it

Removing table on row click made it impossible to open a task’ details if you do not display the task id and summary on the task list, because now those two cells are the only clickable items to open a task, instead of the entire line being the hyperlink

currently absolute positioning overlapping deny button and not full visible

Possible better solution:

• cssbased toggle

• left:50%; width:300px;margin-left:-150px;margin-top:50px;

Both is a bit illogical, but both is currently possible!

1 ←- 1

So when setting the parent task id checked for creating loops is needed:

Loop with 2 tasks: 1 ←- 2 ←- 1

Loop with 3 tasks: 1 ←- 2 ←- 3 ←- 1
Loop with n tasks: 1 ←- ... ←- n < – 1

As I think there are currently no recursive reads that could lead to an endless loop, but should be kept in mind when someone wants to programm rendering a gantt chart.
E.g. by limiting the depth of subtasks for example.

I’m using URL rewriting…

If I click on the link, the picture doesn’t appear.

https://flyspray.xxx.fr/task/27?getfile=8

It’s ok in task history. The right URL is

https://flyspray.xxx.fr/?getfile=8

.

Steps:

- Attach an image to a task.
- It shows as a link in your task (cf. screenshot “Screenshot from 2016-01-29 18-34-31.png”).
- Click on the link.

Result: it opens a “popup” with the image displayed in it. If the image is big, the popup is just so huge the image is not visible without boring horizontal and vertical scrolling (see “Screenshot from 2016-01-30 15-07-26.png” which shows what I see when I click the image link on my task).
I can’t even right click to download from the menu since I see no “Save Image As” item. (see Screenshot-no-save-image-in-menu.png).

My workaround was that if I drag and drop the attachment link in the address bar, I finally get the expected image, which I can finally save as! This workaround was hard to find, and I expect most people will just get frustrated of being able to view an image attachment, yet not save it locally.

I proposes the following:
- a small “download” icon next to the image link in the task for direct download (without preview).
- a “download” link/icon on the top-left of the image display popup (to download while previewing).

And as a side feature (maybe I should make a separate report?), I suggest that by default the image display popup constrains the image to the screen size, with a “see real size” link, so that you don’t get the popup with huge scrolling when opening a big image on a smaller screen.

Note: of course this issue does not appear with non displayable attachment. If I have a zip or a document, it proposes me to download it directly.

When I tried to install a instance of flyspray that is a release, I am greeted with a screen that says that I am trying to install a development version of flyspray. Due to me using shared hosting, I am unable to run any composer commands.

My version of flyspray was downloaded from flyspray.org, so why would this be happening? Thanks

An assigned ticket can't be edited by a lower privileged user.

I have a major problem. At the first I thought that problem is on my server - Windows OS, IIS. But now when I have second bug tracker site on Apache server and error is the same I know that this is not server error but bug tracker error.

How can I help that we resolve this problem?

If e-mail need’s to be sent I got blank white page and nothing happens.

In attachment is my bug tracker with installer (setup) folder. If this somehow helps it?

Version which is used is 1.0 (latest on web) (edit by peterdd: was a mix of older Flyspray versions). The problem is that nothing works because e-mails are not working..

filter_input() is in extension “Filter”.

It is enabled by default since PHP5.2, see http://php.net/manual/en/migration52.new-extensions.php but not “always”, see https://groups.google.com/forum/?hl=de#!topic/flyspray/QM75BvwPqGM

filter_input() is only used at 1 section in Flyspray (since 2014 up to v1.0rc1) in includes/fix.inc.php
This is the commit https://github.com/Flyspray/flyspray/commit/40861911260812c99682fe3456350cb63bb243a9

How do we solve it? Several possibilities:

• Do we really need this calls here? What “bad input” is filtered here?
• Test if the extension is enabled at install/update tests/screens.
• use function_exists() test at every request ( similiar to the source code before https://github.com/Flyspray/flyspray/commit/40861911260812c99682fe3456350cb63bb243a9 )

Problem: https://github.com/Flyspray/flyspray/pull/552

The button ‘My assigned tasks’ should search only by userid, not in username or realname with the LIKE ‘%...%’ operator.

Currently the button is using the same as doing an advanced search filling the ‘Assigned To’ input field. (currently ‘dev’ param) But that search param searches in userid, username and realname.

Edit: Implemented simpler solution: if param is digitsonly, then search by userid, otherwise by username and realname if that param exists.

Edit by peterdd: renamed task summary

Affected versions: at least Flyspray 0.9.9(.7/*?) up to Flyspray 1.0 RC1

Original report: Title ‘Problem regarding 0.9.7 (1.0) to 1.0 RC-1 update’

I tried to update BT from modified version (database in original state) 0.9.7 to 1.0 RC-1 but I got strange error.

PHP is 5.6.

I try to use:
Precompiled with 3rd party libs for PHP5.6

and was doing as was written on upgrade procedure.

Strange is that “D:\SShopBT\includes\class.flyspray.php” there are errors regarding writtable path... Because the path is correct and all other Joomla and Wordpress web sites are working correctly..

After upgrade web site do not work att all. Login not working - just get error. So I must reverse (use backup) database and files.

Server is Windows Server and IIS (Internet Information Services)..

Complete error was (also seen in screenshot):

Warning: is_writable(): open_basedir restriction in effect. File(C:\PHP-temp) is not within the allowed path(s): (D:\) in D:\SShopBT\includes\class.flyspray.php on line 1162 
Warning: is_writable(): open_basedir restriction in effect. File(C:\PHP-temp) is not within the allowed path(s): (D:\) in D:\SShopBT\includes\class.flyspray.php on line 1164 
Warning: is_dir(): open_basedir restriction in effect. File(C:\Windows\TEMP\e865fa2fdfc11dbb32cc6262d247e766) is not within the allowed path(s): (D:\) in D:\SShopBT\includes\constants.inc.php on line 82 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\header.php on line 14 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\header.php on line 15 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\header.php on line 16 
Warning: session_start(): Cannot send session cookie - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\includes\class.flyspray.php on line 893 
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\includes\class.flyspray.php on line 893 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\index.php on line 93 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\index.php on line 94 Headers are already sent, this should not have happened. Please inform Flyspray developers.

Logged in as admin, modify a users group membership. After clicking update, you are returned to your logged-in profile (admin in this case). It should re-display the user’s profile you are editing.

The ‘back’ button will return to updated page.

The user preferences and the add new user screens both allow you to set the timezone offset of the user, however, we are only provided with whole hour offsets from GMT. This makes it impossible to select our timezone here in India, which is GMT+5:30 - IST(Indian Standard Time - Asia/Kolkata as per TZ Zoneinfo). In addition, there are also timezones in the GMT+x:45, which wouild also require to be handled. Note, this is totally independent of DST Changes, since some of the countries use DST(Like in Australia) and others do not(Like India).

Here is a link with more details of the same - http://www.timeanddate.com/time/time-zones-interesting.html

I will be trying to identify and fix the codebase to resolve this, and will hopefully have a patch to submit soon.

Regards
R. K. Rajeev

When adding a tag in Greek letters (e.g. “Δοκιμή”) I get:

Query {SELECT tag_id FROM `flyspray_list_tag` WHERE (project_id=0 OR project_id=?) AND tag_name LIKE ? ORDER BY project_id} with params {5,Δοκιμή} Failed! (Illegal mix of collations (latin1_swedish_ci,IMPLICIT) and (utf8_general_ci,COERCIBLE) for operation ‘like’)

In some parts of the world (primarily the US), the date is viewed as Month/Day/Year. However, all options in the current rc4 build are listed as Day/Month/Year aside from one, which goes ShortWrittenMonth/Day#/Year#.

This is poor from a customer perspective, and can be highly confusing. I can change the date globally to a correct format in the database, but this doesn’t help much as every user can select their own date which has all incorrect formats.

The filename for the csv export is build based on project name and current date.

Due different handling of web browsers, the appropriate http header should send the filename in ascii and also provide them as utf-8 for web browsers who can handle that.

Related RFC5987

You cannot select the fields for export to csv. This means that the commentfield (edit: you mean task description, right?) is always exported too. As this commentfield task description (?) could contain quotes, comma’s etc (like people inserting copies of emails on an issue) it corrupts the output file and the file cannot be read by excel.

Good Morning,

I have this message error when I want configure SMTP Server :
Completely unexpected exception: Connection could not be established with host 192.168.0.10 [Permission denied #13]
This should never happend, please inform Flyspray Developers

My flyspray installs on CentOS v7. Postfix installs on the server but I don’t configure anymore.

Can you help me please

Julia LECLERC

I’ve tried inserting an image in the intro message but it doesn’t show. Is there something broken in the formattext.inc file? Seems unlikley because it’s so old but can’t work out why nothing shows.

Alan

I had to disable some parts last year within dokuwiki quickly due sever reported security issues in that area.

As tradeoff embedding images currently don’t work within dokuwiki textareas in Flyspray.

As I too wish that feature reappear working for my projects, this is on my personal list. But requires focused free time because must be made secure.

Maybe instead of using fetch.php of dokuwiki, we can use Flypsray’s ?getfile=id , which also checks permissions.
But must check also securly file types and maybe resize images to fit into the desired page (thumbnails).

Currently the category_id is not checked if the value is legal for the project when a new task is created.

• must be unsigned int
• must be an active category_id of the project or global category.
• setting a category_id must be allowed - see project settings.

If invalid category_id is sent, deny creating task and show error message and show filled form again.

If no category_id is sent (or empty string) and category select is enabled:

• either choose a default category

or

• implement feature request FS#2451 and show that user should select a category.

I’ve set up an account with a username longer than 20 characters, but can’t reset the password because the
flyspray/index.php?do=lostpw
page username field has maxlength=”20” The maxlength for a new user registration seems to be 32 characters.

A related concern is that when setting up the default/admin user on first load of the system, I can use an email address as username (always my preference), but it’s actually not a valid username to create for others thereafter. Consider allowing ‘@’ character in usernames.

In the page http://www.flyspray.org/manual/group_permissions/ , it is written

Shown is an image of the permissions page for the Flyspray project’s Contributors group

but there is no image in there.

I can think of two ways of dealing with that I guess:

1. add an image
2. remove the sentence

What do you think?

Everything is currently hard-coded. Create a plugin system that allows a module to be simply "dropped into" a plugins/ directory, enabled in the options, and have the plugin just work.

Possibilities might include alternative methods of notification, perhaps a documentation subsystem, or even simple things like voting for tasks.

The user should NOT have to edit existing Flyspray source code to make a plugin work.