Flyspray - The bug killer!

After I upgraded to version 1.0 (the upgrade was successful), flyspray only shows a white page (and the source in firefox shows, that the page is completely white).

Please help us finding the roots of these bugs!

Please report what you were exactly doing before this happend, report us your steps made, the used php version, used OS version, and such information.

When some url to a bug is redirected to the login page, because the user does not have the right to see the bug without login, the user should be redirected after the login to the url he wanted to see.

Maybe redirect to /login/?next=/task/X and put the next-url in a hidden field in the login-form, so flyspray can redirect to the correct page after login.
Even preserving anchor-urls (#comment-YYYY) would be cool, but i guess this needs Javascript to work.

Due to the needed implementation of an anti csrf system into Flyspray 1.0,
this are a side effect issues we need to address:

Due the required replacement of action links to form buttons:

• The user cannot just see anymore the target url of the action by hovering over the link. We can compensate that in the simpliest case by using the title-tag as additional info to the user. Trust not full reestabilished that way, but better than nothing and user has fear to click a form button.

Javascriptless CSS3-toggles:

• Some clickable labels don’t show pointer icon when :hover. CSS issue, easy fix.

make a option in configuration file

me need set same $db1→set_charset(’utf8mb4’); for my MySQLi

have a problem with national letters

I see this error after i try enter national letters to the summary input text field for create new task

Query {UPDATE `flyspray_tasks` SET project_id = ?, task_type = ?, item_summary = ?, detailed_desc = ?, item_status = ?,
 mark_private = ?, product_category = ?, closedby_version = ?, operating_system = ?, task_severity = ?, task_priority = ?, 
last_edited_by = ?, last_edited_time = ?, due_date = ?, percent_complete = ?, product_version = ?, estimated_effort = ?
 WHERE task_id = ?} 
with params {1,1,тестовая задача,<p>sdfsdfdsfsd</p> ,2,0,4,0,1,2,4,1,1441344777,0,0,1,0,2} Failed!
(Incorrect string value: '\xD1\x82\xD0\xB5\xD1\x81...' for column 'item_summary' at row 1)

On flyspray/index.php?do=admin&area=newuser I sucessfuly register user with email ;

I don’t recieve popup with message ‘You did’nt enter valid e-mail address’

After that on new page i receive error:

Completely unexpected exception: Address in mailbox given [;] does not comply with RFC 2822, 3.6.2.
This should never happend, please inform Flyspray Developers

While editing an existing task, there’s a “+” button you can click to add a comment as part of the edit. Unfortunately this is just a plaintext box instead of the HTML editor used everywhere else, so it’s impossible to get proper line/paragraph breaks if a comment is entered with this UI.

This problem makes it necessary to edit a task and add a comment as two separate steps, whereas in 0.9.9.6 it was possible to do them together in one step.

Note that this is the case with syntax_plugin=”none”. I don’t know if it’s also a problem when using other values for that setting.

Steps:

- Attach an image to a task.
- It shows as a link in your task (cf. screenshot “Screenshot from 2016-01-29 18-34-31.png”).
- Click on the link.

Result: it opens a “popup” with the image displayed in it. If the image is big, the popup is just so huge the image is not visible without boring horizontal and vertical scrolling (see “Screenshot from 2016-01-30 15-07-26.png” which shows what I see when I click the image link on my task).
I can’t even right click to download from the menu since I see no “Save Image As” item. (see Screenshot-no-save-image-in-menu.png).

My workaround was that if I drag and drop the attachment link in the address bar, I finally get the expected image, which I can finally save as! This workaround was hard to find, and I expect most people will just get frustrated of being able to view an image attachment, yet not save it locally.

I proposes the following:
- a small “download” icon next to the image link in the task for direct download (without preview).
- a “download” link/icon on the top-left of the image display popup (to download while previewing).

And as a side feature (maybe I should make a separate report?), I suggest that by default the image display popup constrains the image to the screen size, with a “see real size” link, so that you don’t get the popup with huge scrolling when opening a big image on a smaller screen.

Note: of course this issue does not appear with non displayable attachment. If I have a zip or a document, it proposes me to download it directly.

As you can see on screenshot attachment the GUI on mobile view is not OK.

I marked with red field what need to be fixed.

Phone used: Samsung Note 4.

Problem: https://github.com/Flyspray/flyspray/pull/552

The button ‘My assigned tasks’ should search only by userid, not in username or realname with the LIKE ‘%...%’ operator.

Currently the button is using the same as doing an advanced search filling the ‘Assigned To’ input field. (currently ‘dev’ param) But that search param searches in userid, username and realname.

Edit: Implemented simpler solution: if param is digitsonly, then search by userid, otherwise by username and realname if that param exists.

The dokuwiki plugin uses a very old version of geshi for syntax highlighting which uses the deprecated /e modifier in preg_replace in two places rather than preg_replace_callback.

This can trigger warnings such as the following when initially parsing content which uses dokuwiki syntax and includes code:

PHP message: PHP Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/phpapps/flyspray/plugins/dokuwiki/inc/geshi.php on line 2058

PHP message: PHP Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/phpapps/flyspray/plugins/dokuwiki/inc/geshi.php on line 2067

This affects bugs.flyspray.org as well. Several hits came up on google when I search for the following due to the warnings having been displayed ahead of the page content (seen screenshot): flyspray preg_replace_callback

Because flyspray caches the results of processing dokuwiki content then the warnings don’t get emitted if the content has already been cached (so you may find that when you access the url in the screenshot that it doesn’t show the warnings unless you clear the cache entry for that task). Previews can get the warnings spat out as well if there are tagged code sections in the content.

I had a look at a more recent version of geshi (1.0.8.11 from sourceforge) and they had fixed that issue in it (presumably along with a lot of other stuff) so I tried replacing plugins/dokuwiki/inc/geshi.php and plugins/dokuwiki/inc/geshi/* with the 1.0.8.11 versions and that stopped the warnings. I haven’t extensively tested it, but it was processing stuff in code blocks correctly still on the couple of samples I tried.

I guess it’s a separate issue but the new flyspray theme doesn’t have any css styles to apply to the syntax highlighting (if you look at  FS#1107  you can see that, and in fact you can see it with the css bit below - if you inspect them with a browser dom inspector you can see that the genshi plugin has parsed and tagged the bits, but no styles are applied so its all just in the default colour). I can raise that as a separate task if worth doing? The following section in bluey stylesheet covered it I think:

.code .br0 {color:#6c6;}
.code .es0 {color:#009;font-weight:700;}
.code .kw1 {color:#b1b100;}
.code .kw2 {color:#000;font-weight:700;}
.code .kw3 {color:#006;}
.code .kw4 {color:#933;}
.code .me0 {color:#060;}
.code .nu0 {color:#c6c;}
.code .re4 {color:#099;}
.code .sc0 {color:#0bd;}
.code .sc1 {color:#db0;}
.code .sc2 {color:#090;}
.code .st0 {color:red;}
.code .co1,.code .co2,.code .coMULTI {color:gray;font-style:italic;}
.code .kw5,.code .re0,.code .re1,.code .re2 {color:#00f;}

“Oh, there are some incompatible properties set that must be resolved before moving this task to a different project.”

Oh, but I am not moving the task to a different project. Just trying to edit my own submission.

“Edit this task” → “Save details”

See attached screen capture.

Logged in as admin, modify a users group membership. After clicking update, you are returned to your logged-in profile (admin in this case). It should re-display the user’s profile you are editing.

The ‘back’ button will return to updated page.

When a anonymous user tries to display a ticket of a non public project (for example by entering a random ticket id), Flyspray exposes the title of the non public project in the header bar.

Edit by peterdd: also applies to project description

Short dates in Greek are represented in the majority of cases with slashes (24/10/2016). Very seldom some people may use the dash form (24-10-2016) and hardly ever the dot form (24.10.2016).

So it would be much appreciated if the slash form were a (working) option because as it is dates are a bit confusing to us, especially in a date-time combination (too many numbers in a not-so-obvious format - brain needs extra time to decode it).

When adding a tag in Greek letters (e.g. “Δοκιμή”) I get:

Query {SELECT tag_id FROM `flyspray_list_tag` WHERE (project_id=0 OR project_id=?) AND tag_name LIKE ? ORDER BY project_id} with params {5,Δοκιμή} Failed! (Illegal mix of collations (latin1_swedish_ci,IMPLICIT) and (utf8_general_ci,COERCIBLE) for operation ‘like’)

In some parts of the world (primarily the US), the date is viewed as Month/Day/Year. However, all options in the current rc4 build are listed as Day/Month/Year aside from one, which goes ShortWrittenMonth/Day#/Year#.

This is poor from a customer perspective, and can be highly confusing. I can change the date globally to a correct format in the database, but this doesn’t help much as every user can select their own date which has all incorrect formats.

I’ve set up an account with a username longer than 20 characters, but can’t reset the password because the
flyspray/index.php?do=lostpw
page username field has maxlength=”20” The maxlength for a new user registration seems to be 32 characters.

A related concern is that when setting up the default/admin user on first load of the system, I can use an email address as username (always my preference), but it’s actually not a valid username to create for others thereafter. Consider allowing ‘@’ character in usernames.

Steps done to create the problem:
Visit https://bugs.flyspray.org/index.php?do=register in a private browser window (so you are logged out)

Put in an already taken username (e.g. Stefan or Stefan2)

Expected behavior:
Username gets red and a note appears that username already is taken

Experienced behavior:
Username gets green and registration of a new user proceeds with sending a notification mail with confirmation code.
After putting in the confirmation code in provided page, user gets presented a “username is already taken, choose another” (where?) message, and has to re-start registration process from beginning and hopefully this time choose a not taken name.

If you define an inactivity-close value in hours/days (haven't tried weeks) the bug is still open when the time expires.

Add Timezone Selection to Admin Panel

Hello,

First of all, thanks for this great tool, very user friendly.
I'm informing you as requested ("This should never happend, please inform Flyspray Developers" :)) because I'm getting this error message:

[Completely unexpected exception: Connection could not be established with host http://ssl0.ovh.net/ [php_network_getaddresses: getaddrinfo failed: Name or service not known #0]
This should never happend, please inform Flyspray Developers]

I set up the SMTP configuration (SSL) with information provided.

Enclosed in PHPinfo configuration, if it helps.

Thanks

Ability to click field to edit ticket

TODO: return handler if request ok or fail.

TODO: also clicks on label should trigger show form.

Maybe the whole “click to active for editing this field” to one click too much.
So if the user has the rights to edit the value the form input or action button should be shown when viewing a task.
All other people just see the value if they have the right to view the value.

When I tried to install a instance of flyspray that is a release, I am greeted with a screen that says that I am trying to install a development version of flyspray. Due to me using shared hosting, I am unable to run any composer commands.

My version of flyspray was downloaded from flyspray.org, so why would this be happening? Thanks

Moving task to another project seems to require fields updated to target project options. This operation is not possible on the task category field and possibly others. Attempting to submit changes gives error:

“Oh, there are some incompatible properties set that must be resolved before moving this task to a different project.”

However, you cannot select a new value (from the target list) for the properties in question.

Edit by peterdd: renamed task summary

Affected versions: at least Flyspray 0.9.9(.7/*?) up to Flyspray 1.0 RC1

Original report: Title ‘Problem regarding 0.9.7 (1.0) to 1.0 RC-1 update’

I tried to update BT from modified version (database in original state) 0.9.7 to 1.0 RC-1 but I got strange error.

PHP is 5.6.

I try to use:
Precompiled with 3rd party libs for PHP5.6

and was doing as was written on upgrade procedure.

Strange is that “D:\SShopBT\includes\class.flyspray.php” there are errors regarding writtable path... Because the path is correct and all other Joomla and Wordpress web sites are working correctly..

After upgrade web site do not work att all. Login not working - just get error. So I must reverse (use backup) database and files.

Server is Windows Server and IIS (Internet Information Services)..

Complete error was (also seen in screenshot):

Warning: is_writable(): open_basedir restriction in effect. File(C:\PHP-temp) is not within the allowed path(s): (D:\) in D:\SShopBT\includes\class.flyspray.php on line 1162 
Warning: is_writable(): open_basedir restriction in effect. File(C:\PHP-temp) is not within the allowed path(s): (D:\) in D:\SShopBT\includes\class.flyspray.php on line 1164 
Warning: is_dir(): open_basedir restriction in effect. File(C:\Windows\TEMP\e865fa2fdfc11dbb32cc6262d247e766) is not within the allowed path(s): (D:\) in D:\SShopBT\includes\constants.inc.php on line 82 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\header.php on line 14 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\header.php on line 15 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\header.php on line 16 
Warning: session_start(): Cannot send session cookie - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\includes\class.flyspray.php on line 893 
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\includes\class.flyspray.php on line 893 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\index.php on line 93 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\index.php on line 94 Headers are already sent, this should not have happened. Please inform Flyspray developers.

danoh on github wants to work on patch. Couldn’t find him here..

When choosing HTML/CKEditor on the setup screen you are presented with an error stating that syntax plugin cannot be empty.

This is due to the option value being empty:

<select name="syntax_plugin">
			<option value="dokuwiki">Text/Dokuwiki</option>
			<option value="">HTML/CKEditor</option>
			</select>

A suggested fix is to remove the requirement to select an option (since you have to select one or the other anyway).

Hello,

I’m having an issue on the notification’s mail sent to people when quick-editing a task, more precisely on the link to the task below.

I had this in my older mails :
mybugtracker.com/js/callbacks/index.php?do=details&task_id=xxxx

I “corrected” it by adding a str_replace here (see my screenshot), and now it’s good.

Thank you

Hello,
when selecting timezone in user profile, it only offers offset based timezones. It should offer timezones like "Europe/Prague", instead, because in summer it is UTC+2 and in the winter UTC+1. Also UTC is the same as GMT.

Using offsets will cause invalid future and past times when crossing daylight saving or when something other changes.

Adding daylight checkbox is not enough and will cause additional troubles. Just use names and store them as ENUM in database, not offset. This problem is pretty complicated and the only solution is to use names and let libraries to solve it for you.

Thank you.

Keyboard navigation is not documented

grep -r 'accesskey' *

filter_input() is in extension “Filter”.

It is enabled by default since PHP5.2, see http://php.net/manual/en/migration52.new-extensions.php but not “always”, see https://groups.google.com/forum/?hl=de#!topic/flyspray/QM75BvwPqGM

filter_input() is only used at 1 section in Flyspray (since 2014 up to v1.0rc1) in includes/fix.inc.php
This is the commit https://github.com/Flyspray/flyspray/commit/40861911260812c99682fe3456350cb63bb243a9

How do we solve it? Several possibilities:

• Do we really need this calls here? What “bad input” is filtered here?
• Test if the extension is enabled at install/update tests/screens.
• use function_exists() test at every request ( similiar to the source code before https://github.com/Flyspray/flyspray/commit/40861911260812c99682fe3456350cb63bb243a9 )

I understand this is likely due to some sort of XSS CSRF protection, but the delay doesn’t appear to be long enough to be useful for a lengthy comment to be posted. I’ve now lost two detailed comments in our tracker because the software threw everything out and generated a meaningless error.

Further, attempting to do the normal thing and making the browser resubmit the page results in Flyspray throwing “Error #3” something something repeated action and causing a redirect to the homepage.

Surely there has to be a better way to handle this that doesn’t incur data loss?

When entering the wrong SMTP information and then adding a user through Multiple New Users page, the error message is bad. It just says 'this should never happen'. Instead, we need to detect that it is an SMTP authentication error and report that issue to the user more clearly.

It seem that when deleting a version entry in a project, that tasks that have this version assigned are still connected to this deleted version. For example FS#1222 (on 2015-03-09).

There are several options to solve such things:

• Deny deletion of version as long as tasks assigned to this project version.
  • Either by doing a testing SQL query to check this case coded in PHP. Take care to keep this centralized, must also be respected by an eventually later added Flyspray API (XMLRPC or whatever).
  • add SQL foreign key constraints with ON DELETE RESTRICT
    • Pro: some business logic can be directly enforced by SQL.
    • Cons: higher requirements for hosting, if using mysql innodb tables must be available on the hosting

• Move the tasks of this version to a default fallback version before deleting the version tag.
  • Either doing one transaction doing : 1. move the tasks to its fallback version, 2. delete the version
  • add SQL foreing key constraint with ON DELETE SET $fallbackversionid. Some pros & cons like on the the denying option.

The same for other assignments for tasks.

This issue is similiar to the massop issue: (https://github.com/Flyspray/flyspray/issues/130)

Summary of TODO I found on the net:

• There is a very old project site of flyspray on sf.net . The info there should be updated or removed.

• Update info and keep an eye on http://alternativeto.net/software/flyspray/ from time to time.

• Keep an eye and update Flyspray info on wikipedia for example:
  • http://en.wikipedia.org/wiki/Bug_tracking_system
  • http://en.wikipedia.org/wiki/Comparison_of_issue-tracking_systems
  • http://en.wikipedia.org/wiki/Comparison_of_project_management_software
  • http://en.wikipedia.org/wiki/Comparison_of_help_desk_issue_tracking_software
  • http://de.wikipedia.org/wiki/Issue-Tracking-System

When I scroll down the page to see more of the task list and then click on one of the column headings to sot by this heading, the answer page doesn't scroll down to the table.

I think there are 2 technical solutions for that:

1. set an name/id a-anchor on top of the table and on each column heading link add for example '#tasklist'.

2. add a js-sorter with complete extra search and sort ajax-backend with e.g. libs from http://datatables.net/ This requires aleso writing a server side handler for taking the ajax requests (respecting user permissions!) and is only usable if js in enabled in browser. So this second solution can only be a luxury comfort function.

maybe yet fixed in 1.0 dev, but here bugs.flyspray.org my account is shown twice for selection if u edit a task.

Internally in the form also with the same id, so probably not a big problem.

I registered some years ago, maybe this year jordan(?) added me again or with another email adress? Maybe I have two addresses under on account here, which is a feature, not a bug.

But for the assignee list it should “group by user_id”.

If on the reports page some get params aren't set, there are notice warnings on the report result page

like

index.php?do=reports&events[]=30

without start date,end date,result size

But it can be useful to have a bit shorter urls for sharing between authorized users instead the full params url.

Result page should use user default and project default settings fallbacks for the unset get params.

I find it irritating to have the oldest activity on the right side and newest activity on the left side of the small activity bars.

There is also no time scale description. This could be added by showin it on :hover to keep the simple appearance.

A complete new feature would be to replace the image generation by rendering the bars in the html in the same request, e.g by inline svg or canvas element. This would enable adding some interactivity with the activity bars..
A related feature request is FS#1991 (project progress)

I see php deprecation notices with php 5.6+ from the geshi syntax highlighter plugin of dokuwiki plugin sometimes. (seems to be go away on the second view, so probably not seen on cached views)

It can't be found easy with

grep -r preg_replace | grep '/e'

Because the preg_replace modifiers are added dynamic depending on the target programming language. At least in the version we have in flyspray.

Got "wrong token" on creating a task whose form were open for a while in browser tab.

That means probably the session timed out on bugs.flyspray.org, so the anti csrf token doesn't existed anymore on the webserver.

It would'nt be a big problem if the browser backbutton works showing the ready written form again, but it was empty.

One solution would be temporarly storing it offline in the browser storages which are available with html5. But open for other simpler solutions..

It's old. There has been a newer version 2.0. Even that one is not supported anymore, although some documents still remain available. The calendar component relies on its language translations files to be complete, or it breaks. Unfortunately, as I found out a few weeks ago, they are not, after switching the default language from english to my native one. Without having a good replacement for it, some of the translations for flyspray itself we've been getting lately are half-way unusable. Not for an ordinary user, but for anyone actually having to edit a task and its due date.

With the existence of now two peoples named "Peter" on bugs.flyspray.org (I - peterdd , and PeterTheOne)
there are several places where the full names are display instead of usernames and the user can't know who is which "Peter" until he visits the users profile page.

Different solutions possible:

• more profile image/gravatar usage where user names are shown
• display username instead of full name
• display full name and username (where much space available and precision needed)
• ...

Just moved issue #110 from https://github.com/Flyspray/flyspray/issues/110 to here for centralized task tracking.

Maybe just needs testing with current github master.

On some forms, when the user presses the reload button of this browser, the POST submit can be resubmitted.

Browsers can warn about this (Chromium, Firefox, Konqueror tested and they show a warning dialog) before executing the second POST.
But people on Flyspray mailing list wrote they experienced double comments.

Simple solution is just HTTP GET redirects after a successful POST. (HTTP 303 or HTTP 302)
But maybe there is a better method than a second roundtrip always needed?

Success, Error, or Warn-messages to the user are stored in the $_SESSION variable for displaying on the second GET request.
But I think that this is a bit ... mmh... not perfect.

For example, I would like to have in the direct response at which position in a form an input error is, not just the message bar in the top center as it is currently that just dissappear after a few seconds.

Also take care the browser back button still works as expected for the user.

As discussed with the team some time ago, a consolidation of places where issues are discussed is wanted.

One of the results was, that we do not want people post issues to github.com Issues and instead use our own bugs.flyspray.org
and to prefer "to eat our own dogfood" and a have central place to handle tasks.

As a result we tried to reduce the open issueas on github.com. I was in the process of moving 2 of still 7 open issues there to bugs.flyspray.org when suddenly the Issues on github.com were closed. Now the last 5 issues there are lost at the moment for me and the audience, which where mostly informations to interested users, not bugs.

I think just closing it without an easy accessible alternative is not the best solution.

At least we should wait until the oauth2 authentication for github users should be implemented and setup on bugs.flyspray.org , so people browsing github.com, finding Flyspray project just can
"Login with github"-feature on bugs.flyspray.org.

The blocker to do this: Currently there is missing an option to "connect" an oauth "Login with github"- Login with an existend flyspray userlogin.

So that one userid in flyspray can:

• login with username and password
• login with one or more of his social accounts (github, facebook, microsoft, g+) if they are enabled (would it restrict to github.com accounts for bugs.flyspray.org)

I wanted edit/fix the comment of an anonymous reporter, but the edit shows empty content on editing..

(here on closed, but non yet implemented  FS#218 )

Removing table on row click made it impossible to open a task’ details if you do not display the task id and summary on the task list, because now those two cells are the only clickable items to open a task, instead of the entire line being the hyperlink

currently absolute positioning overlapping deny button and not full visible

Possible better solution:

• cssbased toggle

• left:50%; width:300px;margin-left:-150px;margin-top:50px;

Both is a bit illogical, but both is currently possible!

1 ←- 1

So when setting the parent task id checked for creating loops is needed:

Loop with 2 tasks: 1 ←- 2 ←- 1

Loop with 3 tasks: 1 ←- 2 ←- 3 ←- 1
Loop with n tasks: 1 ←- ... ←- n < – 1

As I think there are currently no recursive reads that could lead to an endless loop, but should be kept in mind when someone wants to programm rendering a gantt chart.
E.g. by limiting the depth of subtasks for example.