Flyspray - The bug killer!

This is the Bug Tracking System for the Flyspray project. This is not a demo!

2019-04-22: Flyspray 1.0-rc9 released See

ID Category Task Type Severity  desc Summary Status Progress Assigned To Due In Version Opened Last Edited
2018User InterfaceBug ReportLowreview keyboard navigationResearching
1.1 devel526.07.201529.07.2019 Task Description

Keyboard navigation is not documented

At least there is no hint in the interface which keyboard shortcuts are available for fast navigation between task list and task details view.

Due to the dropping of the cookie storage for remembering last search or last selected task in favor of not interfering when multiple flyspray browser tabs are open (with e.g. different projects) ,
the caret list browsing with ‘j’,’k’,’o’ and details view isn’t useful at moment.

  1. keyboard based navigation must be documented somewhere, e.g. by providing hints (clickable icon for info or :hover ) at appropriate positions.
  2. navigation flow and technical realisation reviewed for keyboard power users

Edit: Currently handled by js event handler:

  • j move cursor down in task list
  • k move cursor up in task list
  • o open current selected task in task list
  • n next task on task details page
  • p previous task on task details page
grep -r 'accesskey' *

Current accesskeys (browserspecific + key):

  • a double usage for new task and newmultitask. Must hit [Enter] to open one of them; on newmultitask page it adds a new row.
  • e edit task on task details page
  • f copy firstline to the other rows on new multitask page
  • l show loginbox or logs you off
  • m toggle mysearchesbox
  • r reset? when dokuwiki plugin is used
  • s submit when dokuwiki plugin is used
  • w watch/unwatch task on task details page
  • n next task
  • p previous task
  • y close task
2038Backend/CoreBug ReportLowJscalendar must be replaced with something elseNew
223.08.201524.08.2015 Task Description

It's old. There has been a newer version 2.0. Even that one is not supported anymore, although some documents still remain available. The calendar component relies on its language translations files to be complete, or it breaks. Unfortunately, as I found out a few weeks ago, they are not, after switching the default language from english to my native one. Without having a good replacement for it, some of the translations for flyspray itself we've been getting lately are half-way unusable. Not for an ordinary user, but for anyone actually having to edit a task and its due date.

2048Backend/CoreBug ReportLowerror when adding data containing national charactersUnconfirmed
09.09.201509.09.2015 Task Description

this one is somehow tricky, it doesn't happens always but sometimes when fields or filenames contain national characters (I'm in Spain) flyspray returns an error looking like this one:

Query {INSERT INTO `flyspray_attachments` ( task_id, comment_id, file_name, file_type, file_size, orig_name, added_by, date_added) VALUES (?, ?, ?, ?, ?, ?, ?, ?)} with params {189,711,189_9c5d837bb10b7e0989a3c8be8d,application/pdf; charset=binary,736986,Guia de aplicación medidas difusicón y publicidad.pdf,4,1441827828} Failed! (Incorrect string value: '\xCC\x81n me...' for column 'orig_name' at row 1)

here we have a pdf named "Guia de aplicación medidas difusicón y publicidad.pdf" but I had this error also with titles or descriptions containing spanish letters...

2053Backend/CoreBug ReportLowambiguous user name display username / realnameNew
1.1 devel217.09.201519.02.2020 Task Description

With the existence of now two peoples named “Peter” on (I - peterdd , and PeterTheOne)
there are several places where the full names are display instead of usernames and the user can’t know who is which “Peter” until he visits the users profile page.

Different solutions possible:

  • more profile image/gravatar usage where user names are shown, on mouseover link title attribute shows username and realname
  • display user name (username) instead of full name (realname)
  • display full name and username (where much space available and precision needed)

When adding the mention feature, the username will be probably the prefered setting as the username is unique but the realname not.

2055Backend/CoreBug ReportLowMake the csv export table fields respect the user permi...New
1.1 devel17.09.201517.09.2015 Task Description

Just moved issue #110 from to here for centralized task tracking.

Maybe just needs testing with current github master.

2057Backend/CoreBug ReportLowDo not resubmit forms on browser reload button or F5New
122.09.201523.09.2015 Task Description

On some forms, when the user presses the reload button of this browser, the POST submit can be resubmitted.

Browsers can warn about this (Chromium, Firefox, Konqueror tested and they show a warning dialog) before executing the second POST.
But people on Flyspray mailing list wrote they experienced double comments.

Simple solution is just HTTP GET redirects after a successful POST. (HTTP 303 or HTTP 302)
But maybe there is a better method than a second roundtrip always needed?

Success, Error, or Warn-messages to the user are stored in the $_SESSION variable for displaying on the second GET request.
But I think that this is a bit ... mmh... not perfect.

For example, I would like to have in the direct response at which position in a form an input error is, not just the message bar in the top center as it is currently that just dissappear after a few seconds.

Also take care the browser back button still works as expected for the user.

2058Backend/CoreBug ReportLowClosing of 'Issues' featureNew
24.09.201524.09.2015 Task Description

As discussed with the team some time ago, a consolidation of places where issues are discussed is wanted.

One of the results was, that we do not want people post issues to Issues and instead use our own
and to prefer "to eat our own dogfood" and a have central place to handle tasks.

As a result we tried to reduce the open issueas on I was in the process of moving 2 of still 7 open issues there to when suddenly the Issues on were closed. :-( Now the last 5 issues there are lost at the moment for me and the audience, which where mostly informations to interested users, not bugs.

I think just closing it without an easy accessible alternative is not the best solution.

At least we should wait until the oauth2 authentication for github users should be implemented and setup on , so people browsing, finding Flyspray project just can
"Login with github"-feature on

The blocker to do this: Currently there is missing an option to "connect" an oauth "Login with github"- Login with an existend flyspray userlogin.

So that one userid in flyspray can:

  • login with username and password
  • login with one or more of his social accounts (github, facebook, microsoft, g+) if they are enabled (would it restrict to accounts for
2071EmailBug ReportLowNew user e-mail validationConfirmed
14.10.201514.10.2015 Task Description

On flyspray/index.php?do=admin&area=newuser I sucessfuly register user with email ;

I don’t recieve popup with message ‘You did’nt enter valid e-mail address’

After that on new page i receive error:

Completely unexpected exception: Address in mailbox given [;] does not comply with RFC 2822, 3.6.2.
This should never happend, please inform Flyspray Developers

2073Backend/CoreBug ReportLowCouldn't edit comment of anonymous reporterNew
17.10.201517.10.2015 Task Description

I wanted edit/fix the comment of an anonymous reporter, but the edit shows empty content on editing..

(here on closed, but non yet implemented  FS#218 )

2081User InterfaceBug ReportLowUI for adding comment while editing task doesn't use HT...Confirmed
429.10.201506.11.2015 Task Description

While editing an existing task, there’s a “+” button you can click to add a comment as part of the edit. Unfortunately this is just a plaintext box instead of the HTML editor used everywhere else, so it’s impossible to get proper line/paragraph breaks if a comment is entered with this UI.

This problem makes it necessary to edit a task and add a comment as two separate steps, whereas in it was possible to do them together in one step.

Note that this is the case with syntax_plugin=”none”. I don’t know if it’s also a problem when using other values for that setting.

2101Backend/CoreBug ReportLowMobile view GUI bugConfirmed
418.02.201624.02.2016 Task Description

As you can see on screenshot attachment the GUI on mobile view is not OK.

I marked with red field what need to be fixed.

Phone used: Samsung Note 4.

2104Backend/CoreBug ReportLowfiltering by one user on tasks with multiple assignees ...New
226.02.201615.06.2020 Task Description

If you have a tasklist with tasks that have multiple assignees in a task and you search just by one of the assignees, the resulting tasklist shows only this user in the assignees column.

Expected: all assignees of the tasks are shown.

2128Text RenderingBug ReportLowGeshi (part of dokuwiki plugin for code blocks) uses de...Confirmed
2120.05.201605.05.2019 Task Description

The dokuwiki plugin uses a very old version of geshi for syntax highlighting which uses the deprecated /e modifier in preg_replace in two places rather than preg_replace_callback.

This can trigger warnings such as the following when initially parsing content which uses dokuwiki syntax and includes code:

PHP message: PHP Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/phpapps/flyspray/plugins/dokuwiki/inc/geshi.php on line 2058

PHP message: PHP Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/phpapps/flyspray/plugins/dokuwiki/inc/geshi.php on line 2067

This affects as well. Several hits came up on google when I search for the following due to the warnings having been displayed ahead of the page content (seen screenshot): flyspray preg_replace_callback

Because flyspray caches the results of processing dokuwiki content then the warnings don’t get emitted if the content has already been cached (so you may find that when you access the url in the screenshot that it doesn’t show the warnings unless you clear the cache entry for that task). Previews can get the warnings spat out as well if there are tagged code sections in the content.

I had a look at a more recent version of geshi ( from sourceforge) and they had fixed that issue in it (presumably along with a lot of other stuff) so I tried replacing plugins/dokuwiki/inc/geshi.php and plugins/dokuwiki/inc/geshi/* with the versions and that stopped the warnings. I haven’t extensively tested it, but it was processing stuff in code blocks correctly still on the couple of samples I tried.

I guess it’s a separate issue but the new flyspray theme doesn’t have any css styles to apply to the syntax highlighting (if you look at  FS#1107  you can see that, and in fact you can see it with the css bit below - if you inspect them with a browser dom inspector you can see that the genshi plugin has parsed and tagged the bits, but no styles are applied so its all just in the default colour). I can raise that as a separate task if worth doing? The following section in bluey stylesheet covered it I think:

.code .br0 {color:#6c6;}
.code .es0 {color:#009;font-weight:700;}
.code .kw1 {color:#b1b100;}
.code .kw2 {color:#000;font-weight:700;}
.code .kw3 {color:#006;}
.code .kw4 {color:#933;}
.code .me0 {color:#060;}
.code .nu0 {color:#c6c;}
.code .re4 {color:#099;}
.code .sc0 {color:#0bd;}
.code .sc1 {color:#db0;}
.code .sc2 {color:#090;}
.code .st0 {color:red;}
.code .co1,.code .co2,.code .coMULTI {color:gray;font-style:italic;}
.code .kw5,.code .re0,.code .re1,.code .re2 {color:#00f;}
2137Backend/CoreBug ReportLowfeature accesskey bad implemented by web browsersNew
15.06.201615.06.2016 Task Description

My tests showed that the html accesskey feature is not well and consistent supported by current web browsers and is quite cumbersome to use.
And it seems it will not be better in future..

The only solution I see dropping that feature or replacing them with simple single-key-event javascript listeners, like it is currently done with keys o, j, k, n, and p.

accesskeys in Flyspray I talk about:

  • l (current SHIFT+ALT+l Firefox) login dialog / logout
  • a (current SHIFT+ALT+a Firefox) add new task
  • m (current SHIFT+ALT+m Firefox) my searches
  • t (current SHIFT+ALT+t Firefox) focus taskid search
  • e (current SHIFT+ALT+e + Enter Firefox) edit task
  • x or y? (current SHIFT+ALT+y Firefox) close task
  • s (current SHIFT+ALT+s Firefox) save task

Also related to Keyboard navigation: tabindex

2142Backend/CoreBug ReportLowPost-authenticate redirect does not make use of baseurl...Unconfirmed
28.06.201601.08.2016 Task Description

I run flyspray behind a reverse proxy with the front end url being https and with the actual back end server not being on a standard port and not using https.

Setting force_baseurl seems to sort most areas with flyspray’s url generation using that instead of picking up from $_SERVER, however post-authentication redirection does not do that it just processes redirect_to as is (which in my case means it picks up the protocol, name and port for the back end server rather than what’s set in force_baseurl).

./themes/CleanFS/templates/loginbox.tpl puts out $_SERVER[’REQUEST_URI‘] into a hidden redirect_to input field - on my setup on the front page that’s e.g. “/” or for a ticket url it would be “/index.php?do=details&task_id=999” so no protocol or hostname.

scripts/authenticate.php picks up that redirect_to value and just passes it to Flyspray::Redirect, which in turn calls FlySpray::absoluteURI on what it’s passed, and FlySpray::absoluteURI doesn’t use $baseurl to qualify the url.

Not sure what the best fix is - my suggestion would be that Redirect detects urls that aren’t fully qualified and adds the $baseurl on to the front of them, rather than calling absoluteURI (absoluteURI is used to set $baseurl if force_baseurl is unset, so that’s not appropriate to modify). Alternatively scripts/authenticate.php could check redirect_to and add $baseurl if needed.

2160Backend/CoreBug ReportLowCannot "accept" PM close request if already closedUnconfirmed
14.07.201614.07.2016 Task Description

If a task creator requested closure, and someone (developer) closes the task explicitly, the PM request cannot be later ‘accepted’ and the PM request remains in the queue.

Workaround - Deny request and queue item is removed OK.

It looks like the PM request button invoked details.close which returns early if task is already closed.

2198User InterfaceBug ReportLowMulti-Select from tasklist offers options to those who ...Unconfirmed
1122.08.201622.08.2016 Task Description

When viewing a project via the tasklist, there are a series of checkboxes available. If a user in a group with “modify own tasks” checks a box on a ticket - no matter who actually owns it - they are given a list of options to change it with.

This should not happen. The checkboxes should only be available from the tasklist if the user can actually edit the tickets they’d be next to.


2215Text RenderingBug ReportLowwrong output of Geshi syntax highlighting for xml codeNew
117.10.201631.12.2017 Task Description

Geshi from is quite slow at the current integration of Flyspray v1.0-rc3 on the first run. (But any further read uses the cache.)

But it produces garbled output for xml code highlighting:

Example without xml, just format as preformatted code:


Or as php syntax highlighting (even if it doesn’t contain a real php-tag ;-) ):


Example with xml choosen as language:


The table tag is stripped away instead of converting the tag for output inside code/pre tags (by converting the < and > chars). Maybe just a configuration issue?

2309User InterfaceBug ReportLowPHP noticed displayed on default "All Projects" page.Unconfirmed
302.11.201626.11.2016 Task Description

I am seeing some noticed on the front page of our tracker install that were not present prior to updating to 1.0rc3.

Notice: Undefined offset: 1 in <redacted>/scripts/index.php on line 202 Notice: Undefined offset: 2 in <redacted>/scripts/index.php on line 202

It’s displaying the full path to the files on the page.

There are effectively 2 issues here. One is that some kind of error is kicking up. Second is that it’s being shown to anyone who visits the site.

2315Backend/CoreBug ReportLowFiling a new task is possible with no details in the ma...Unconfirmed
21.11.201621.11.2016 Task Description

When filing a task, it’s possible to submit the task without any information at all being added to the main body of the ticket. This leads to reports that are of no value because the user can simply add some vague title, hit submit, and then wonder why nothing happens other than someone closing it later as invalid.

The main body of the ticket should be considered a required field and should throw an error if nothing is in the box.

2316Backend/CoreBug ReportLow"wrongtoken" is displayed if the comment box is left si...Assigned
peterdd7122.11.201629.07.2019 Task Description

I understand this is likely due to some sort of XSS CSRF protection, but the delay doesn’t appear to be long enough to be useful for a lengthy comment to be posted. I’ve now lost two detailed comments in our tracker because the software threw everything out and generated a meaningless error.

Further, attempting to do the normal thing and making the browser resubmit the page results in Flyspray throwing “Error #3” something something repeated action and causing a redirect to the homepage.

Surely there has to be a better way to handle this that doesn’t incur data loss?

2318Installer and UpgraderBug ReportLowsyntax_plugin required when selected ckeditor in SetupRequires testing
323.11.201607.12.2016 Task Description

When choosing HTML/CKEditor on the setup screen you are presented with an error stating that syntax plugin cannot be empty.

This is due to the option value being empty:

<select name="syntax_plugin">
			<option value="dokuwiki">Text/Dokuwiki</option>
			<option value="">HTML/CKEditor</option>

A suggested fix is to remove the requirement to select an option (since you have to select one or the other anyway).

2330Backend/CoreBug ReportLowPHP Notice: Undefined offset: 0 in scripts/index.php o...Unconfirmed
423.01.201730.01.2017 Task Description

Pretty minor, but seems to show up regularly enough in our logs. The line in question:

$outfile = str_replace(' ', '_', $tasks[0]['project_title']).'_'.date("Y-m-d").'.csv';
2344NotificationsBug ReportLowAdmins still get noticed for new users even with the op...Unconfirmed
616.02.201724.03.2017 Task Description


There’s a checkbox on this menu to toggle whether admins get notices for new user registrations or not. Ours is off, but I’m still getting those notices.

2345Text RenderingBug ReportLow<hr> should be in allowed tagsUnconfirmed
220.02.201723.02.2017 Task Description

Because the hr tag is allowed in the new html comment editor it should be also allowed to display it in the ticket description.
class.tpl.php:875 –> just add it here

2436Backend/CoreBug ReportLowdokuwiki renderer creates nonunique html-id for h1,h2,h...New
2448Backend/CoreBug ReportLowerror message in eventlog reportsUnconfirmed
2449Backend/CoreBug ReportLowUnexepted exception on smtp gmail sendUnconfirmed
2454Backend/CoreBug ReportLowPHP warning in admin edit user areaNew
2491Backend/CoreBug ReportLowgroup member links if project manager but not adminNew
2496EmailBug ReportLowNotification Mail - Link to the task invalid when quick...Waiting on Customer
2527Backend/CoreBug ReportLowDatabase Check »Your mysql supports full utf-8 since 5....Unconfirmed
2528User InterfaceBug ReportLowNew user registration doesn't check for duplicate usern...Confirmed
2544EmailBug ReportLowError when registering new accountUnconfirmed
2549User InterfaceBug ReportLowOauth register template always shows "Username already ...Unconfirmed
2550EmailBug ReportLowException handling sending email notificationUnconfirmed
2559Backend/CoreBug ReportLowa duplicate close accepted even when missing comment/ r...New
2560Backend/CoreBug ReportLowdo not allow close task with reason duplicate referenci...New
2588Backend/CoreBug ReportLowps_files_cleanup_dir: opendir(/tmp/.priv) failed: Permi...Unconfirmed
2589User InterfaceBug ReportLowTime zone in user settings is confusingUnconfirmed
2596EmailBug ReportLowInvalid link in notification HTML part of eMailWaiting on Customer
2598User InterfaceBug ReportLowuser registration in admin area: "username taken" but t...Assigned
2607AuthenticationBug ReportLowWhitespaces in email address fieldUnconfirmed
920User InterfaceFeature RequestLowCharts (gantt, severities, OSes, opened-closed, ...)Researching
1040User InterfaceFeature RequestLowClose Multiple Tasks at onceNew
1.1 devel5317.08.200601.10.2015
1134User InterfaceFeature RequestLowadd icon/image for each projectPlanned
1.1 devel7329.11.200609.03.2015
1236User InterfaceFeature RequestLowMark Issue As Verified or UnverifiableUnconfirmed
1481User InterfaceFeature RequestLowDiff visualisationUnconfirmed
1485User InterfaceFeature RequestLowAdditional extended Printview for the TasksPlanned
1487AuthenticationFeature RequestLowLDAP(Active Directory) AuthenticationPlanned
1.1 devel101121.05.200804.09.2019
Showing tasks 101 - 150 of 321 Page 3 of 7

Available keyboard shortcuts


Task Details

Task Editing