This is the Bug Tracking System for the Flyspray project. This is not a demo!

2021-04-23: Flyspray 1.0-rc10 released See

If you are upgrading from older version, please wait for 1.0-rc11.

ID Category Task Type Severity Summary Status Progress Assigned To Due In Version   desc Opened Last Edited
2048Backend/CoreBug ReportLowerror when adding data containing national charactersUnconfirmed
09.09.201509.09.2015 Task Description

this one is somehow tricky, it doesn't happens always but sometimes when fields or filenames contain national characters (I'm in Spain) flyspray returns an error looking like this one:

Query {INSERT INTO `flyspray_attachments` ( task_id, comment_id, file_name, file_type, file_size, orig_name, added_by, date_added) VALUES (?, ?, ?, ?, ?, ?, ?, ?)} with params {189,711,189_9c5d837bb10b7e0989a3c8be8d,application/pdf; charset=binary,736986,Guia de aplicación medidas difusicón y publicidad.pdf,4,1441827828} Failed! (Incorrect string value: '\xCC\x81n me...' for column 'orig_name' at row 1)

here we have a pdf named "Guia de aplicación medidas difusicón y publicidad.pdf" but I had this error also with titles or descriptions containing spanish letters...

2049Backend/CoreFeature RequestMediumDisplay login page or customizable page to anonymous us...Unconfirmed
209.09.201504.04.2016 Task Description

Currently, if there are no public project, the anonymous users gets a blank page not very useful. It will be a good idea to have a global configuration parameter to display some customizable-page or maybe the login form instead.

2053Backend/CoreBug ReportLowambiguous user name display username / realnameNew
1.1 devel217.09.201519.02.2020 Task Description

With the existence of now two peoples named “Peter” on (I - peterdd , and PeterTheOne)
there are several places where the full names are display instead of usernames and the user can’t know who is which “Peter” until he visits the users profile page.

Different solutions possible:

  • more profile image/gravatar usage where user names are shown, on mouseover link title attribute shows username and realname
  • display user name (username) instead of full name (realname)
  • display full name and username (where much space available and precision needed)

When adding the mention feature, the username will be probably the prefered setting as the username is unique but the realname not.

2054Backend/CoreFeature RequestLowFields for csv export choosable like for task listNew
2.0117.09.201531.12.2017 Task Description

Currently the task list columns are used, which are choosed by admin or project manager for the task list view.

2055Backend/CoreBug ReportLowMake the csv export table fields respect the user permi...New
1.1 devel17.09.201517.09.2015 Task Description

Just moved issue #110 from to here for centralized task tracking.

Maybe just needs testing with current github master.

2057Backend/CoreBug ReportLowDo not resubmit forms on browser reload button or F5New
122.09.201523.09.2015 Task Description

On some forms, when the user presses the reload button of this browser, the POST submit can be resubmitted.

Browsers can warn about this (Chromium, Firefox, Konqueror tested and they show a warning dialog) before executing the second POST.
But people on Flyspray mailing list wrote they experienced double comments.

Simple solution is just HTTP GET redirects after a successful POST. (HTTP 303 or HTTP 302)
But maybe there is a better method than a second roundtrip always needed?

Success, Error, or Warn-messages to the user are stored in the $_SESSION variable for displaying on the second GET request.
But I think that this is a bit ... mmh... not perfect.

For example, I would like to have in the direct response at which position in a form an input error is, not just the message bar in the top center as it is currently that just dissappear after a few seconds.

Also take care the browser back button still works as expected for the user.

2058Backend/CoreBug ReportLowClosing of 'Issues' featureNew
24.09.201524.09.2015 Task Description

As discussed with the team some time ago, a consolidation of places where issues are discussed is wanted.

One of the results was, that we do not want people post issues to Issues and instead use our own
and to prefer "to eat our own dogfood" and a have central place to handle tasks.

As a result we tried to reduce the open issueas on I was in the process of moving 2 of still 7 open issues there to when suddenly the Issues on were closed. :-( Now the last 5 issues there are lost at the moment for me and the audience, which where mostly informations to interested users, not bugs.

I think just closing it without an easy accessible alternative is not the best solution.

At least we should wait until the oauth2 authentication for github users should be implemented and setup on , so people browsing, finding Flyspray project just can
"Login with github"-feature on

The blocker to do this: Currently there is missing an option to "connect" an oauth "Login with github"- Login with an existend flyspray userlogin.

So that one userid in flyspray can:

  • login with username and password
  • login with one or more of his social accounts (github, facebook, microsoft, g+) if they are enabled (would it restrict to accounts for
2059Backend/CoreFeature RequestLowusage of github automated/webhook notificationsNew
24.09.201524.09.2015 Task Description

We have no API yet for Flyspray.

But someone could write a simple php-file that can be called by a auto notification, whenever:

  • a commit on for Flyspray/flyspray is made provides the configuration of such notification for a possible target like


in the settings of a project.

What the file needs:

  • import some of the existing Flyspray classes from includes/
  • config or load the secrets that are provided by in the setup for the automatic notification
  • check that secrets and more for authentication and authorization of requests coming from
  • parse the messages for Flyspray identifiers like ' FS#1234 ' or 'fix  FS#1234 ' or 'related to  FS#1234 '
  • take actions on the results of that message parsing like making adding comment or modifying a task status
2063Backend/CoreFeature RequestVery Lowshow closed/open usage count on do=pm&area=XXXNew
peterdd129.09.201525.03.2021 Task Description

Currently on

  • do=pm&area=cat
  • do=pm&area=version
  • do=pm&area=os
  • do=pm&area=resolution
  • do=pm&area=status
  • do=pm&area=tags
  • do=pm&area=tasktype

a count of usage in tasks is shown for every property.

Interesting would be if the counter shows the count for open/closed tasks on each row.

2068Backend/CoreInformationLowDeprecated: mysql_connect(): The mysql extension is dep...Unconfirmed
810.10.201528.09.2020 Task Description

My version of PHP still shows deprecation warnings with flyspray.

Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in /var/www/ on line 353

Have all mysql.connect instances been removed? The connect will be removed from PHP soon and will cause problems.

2073Backend/CoreBug ReportLowCouldn't edit comment of anonymous reporterNew
17.10.201517.10.2015 Task Description

I wanted edit/fix the comment of an anonymous reporter, but the edit shows empty content on editing..

(here on closed, but non yet implemented  FS#218 )

2089Backend/CoreBug ReportMediumadding same taskid as subtask or related task should be...New
1.0207.11.201518.11.2016 Task Description

Both is a bit illogical, but both is currently possible! ;-)

1 ←- 1

So when setting the parent task id checked for creating loops is needed:

Loop with 2 tasks: 1 ←- 2 ←- 1

Loop with 3 tasks: 1 ←- 2 ←- 3 ←- 1
Loop with n tasks: 1 ←- ... ←- n < – 1

As I think there are currently no recursive reads that could lead to an endless loop, but should be kept in mind when someone wants to programm rendering a gantt chart.
E.g. by limiting the depth of subtasks for example.

2096Backend/CoreFeature RequestVery LowAdd an option to force httpsMaybe
316.01.201617.01.2016 Task Description

Can you add an option to force HTTPS ?


2101Backend/CoreBug ReportLowMobile view GUI bugConfirmed
418.02.201624.02.2016 Task Description

As you can see on screenshot attachment the GUI on mobile view is not OK.

I marked with red field what need to be fixed.

Phone used: Samsung Note 4.

2104Backend/CoreBug ReportLowfiltering by one user on tasks with multiple assignees ...New
226.02.201615.06.2020 Task Description

If you have a tasklist with tasks that have multiple assignees in a task and you search just by one of the assignees, the resulting tasklist shows only this user in the assignees column.

Expected: all assignees of the tasks are shown.

2105Backend/CoreFeature RequestMediumcountermeasures for 'add task anonymous' spamNew
127.02.201627.02.2016 Task Description

Today I got first SPAM on bugtracker.

Question: Is it possible to enable CAPTCHA for anonymus task add?

Question 2: Is it possible to delete SPAM tasks.

2119Backend/CoreBug ReportMediumfunction filter_input not always availableResearching
15.04.201615.04.2016 Task Description

filter_input() is in extension “Filter”.

It is enabled by default since PHP5.2, see but not “always”, see!topic/flyspray/QM75BvwPqGM

filter_input() is only used at 1 section in Flyspray (since 2014 up to v1.0rc1) in includes/
This is the commit

How do we solve it? Several possibilities:

2121Backend/CoreBug ReportMedium'my assigned tasks' uses like %?% search instead of use...Confirmed
1.0319.04.201603.02.2018 Task Description


The button ‘My assigned tasks’ should search only by userid, not in username or realname with the LIKE ‘%...%’ operator.

Currently the button is using the same as doing an advanced search filling the ‘Assigned To’ input field. (currently ‘dev’ param) But that search param searches in userid, username and realname.

Edit: Implemented simpler solution: if param is digitsonly, then search by userid, otherwise by username and realname if that param exists.

2122Backend/CoreBug ReportMediumopen_basedir restrictions for FS_CACHE_DIR not respecte...Suspended
422.04.201616.08.2016 Task Description

Edit by peterdd: renamed task summary

Affected versions: at least Flyspray 0.9.9(.7/*?) up to Flyspray 1.0 RC1

Original report: Title ‘Problem regarding 0.9.7 (1.0) to 1.0 RC-1 update’

I tried to update BT from modified version (database in original state) 0.9.7 to 1.0 RC-1 but I got strange error.

PHP is 5.6.

I try to use:
Precompiled with 3rd party libs for PHP5.6

and was doing as was written on upgrade procedure.

Strange is that “D:\SShopBT\includes\class.flyspray.php” there are errors regarding writtable path... Because the path is correct and all other Joomla and Wordpress web sites are working correctly..

After upgrade web site do not work att all. Login not working - just get error. So I must reverse (use backup) database and files.

Server is Windows Server and IIS (Internet Information Services)..

Complete error was (also seen in screenshot):

Warning: is_writable(): open_basedir restriction in effect. File(C:\PHP-temp) is not within the allowed path(s): (D:\) in D:\SShopBT\includes\class.flyspray.php on line 1162 
Warning: is_writable(): open_basedir restriction in effect. File(C:\PHP-temp) is not within the allowed path(s): (D:\) in D:\SShopBT\includes\class.flyspray.php on line 1164 
Warning: is_dir(): open_basedir restriction in effect. File(C:\Windows\TEMP\e865fa2fdfc11dbb32cc6262d247e766) is not within the allowed path(s): (D:\) in D:\SShopBT\includes\ on line 82 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\header.php on line 14 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\header.php on line 15 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\header.php on line 16 
Warning: session_start(): Cannot send session cookie - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\includes\class.flyspray.php on line 893 
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\includes\class.flyspray.php on line 893 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\index.php on line 93 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\index.php on line 94 Headers are already sent, this should not have happened. Please inform Flyspray developers.
2137Backend/CoreBug ReportLowfeature accesskey bad implemented by web browsersNew
15.06.201615.06.2016 Task Description

My tests showed that the html accesskey feature is not well and consistent supported by current web browsers and is quite cumbersome to use.
And it seems it will not be better in future..

The only solution I see dropping that feature or replacing them with simple single-key-event javascript listeners, like it is currently done with keys o, j, k, n, and p.

accesskeys in Flyspray I talk about:

  • l (current SHIFT+ALT+l Firefox) login dialog / logout
  • a (current SHIFT+ALT+a Firefox) add new task
  • m (current SHIFT+ALT+m Firefox) my searches
  • t (current SHIFT+ALT+t Firefox) focus taskid search
  • e (current SHIFT+ALT+e + Enter Firefox) edit task
  • x or y? (current SHIFT+ALT+y Firefox) close task
  • s (current SHIFT+ALT+s Firefox) save task

Also related to Keyboard navigation: tabindex

2142Backend/CoreBug ReportLowPost-authenticate redirect does not make use of baseurl...Unconfirmed
28.06.201601.08.2016 Task Description

I run flyspray behind a reverse proxy with the front end url being https and with the actual back end server not being on a standard port and not using https.

Setting force_baseurl seems to sort most areas with flyspray’s url generation using that instead of picking up from $_SERVER, however post-authentication redirection does not do that it just processes redirect_to as is (which in my case means it picks up the protocol, name and port for the back end server rather than what’s set in force_baseurl).

./themes/CleanFS/templates/loginbox.tpl puts out $_SERVER[’REQUEST_URI‘] into a hidden redirect_to input field - on my setup on the front page that’s e.g. “/” or for a ticket url it would be “/index.php?do=details&task_id=999” so no protocol or hostname.

scripts/authenticate.php picks up that redirect_to value and just passes it to Flyspray::Redirect, which in turn calls FlySpray::absoluteURI on what it’s passed, and FlySpray::absoluteURI doesn’t use $baseurl to qualify the url.

Not sure what the best fix is - my suggestion would be that Redirect detects urls that aren’t fully qualified and adds the $baseurl on to the front of them, rather than calling absoluteURI (absoluteURI is used to set $baseurl if force_baseurl is unset, so that’s not appropriate to modify). Alternatively scripts/authenticate.php could check redirect_to and add $baseurl if needed.

2160Backend/CoreBug ReportLowCannot "accept" PM close request if already closedUnconfirmed
14.07.201614.07.2016 Task Description

If a task creator requested closure, and someone (developer) closes the task explicitly, the PM request cannot be later ‘accepted’ and the PM request remains in the queue.

Workaround - Deny request and queue item is removed OK.

It looks like the PM request button invoked details.close which returns early if task is already closed.

2188Backend/CoreBug ReportVery LowIt should not possible to relate a task to itselfNew
01.08.201601.08.2016 Task Description

Flyspray should show a warning, and maybe set the focus back to the field (only when it is a this-one-field-only-form.)

2190Backend/CoreFeature RequestLowenable move of a closed clask to other project without ...Researching
06.08.201606.08.2016 Task Description

Problem: By replacing just the project_id of the closed task it is possible the task then has invalid field values within the target project.

Possible scenarios:

  1. Ignore invalid values within the target project
    • Pro: Easy to do, an immidiatly revert back to the old project would “heal” the task properties.
    • Contra: may effect accuracy and reliability of other parts like searching, listing, statistic calculations
  2. Silent change task field values to valid field values of the target project if necessary
    • Pro: relative easy to do
    • Contra: a bit loss of information, little side effects
  3. allow user to modify the fields that must be changed so that every field of the task has valid values within the target project
    • Pro: accuracy
    • Contra: a bit loss of information(fallback to default values) if there are no similiar field values selectable within the project
  4. allow user to modify the fields, fields or field select values that do not exists in target project will be automatically created.
    • Pro: accuracy
    • Contra: target project may be cluttered with too many fields/field values
  5. ???
2197Backend/CoreBug ReportHighChange Time for everyoneUnconfirmed
121.08.201622.08.2016 Task Description

Flyspray does not recover the time set in php.ini. On display, the system has two hour delay.

2203Backend/CoreInformationLowlanguage files are in folder lang. But i can't change l...Unconfirmed
2207Backend/CoreBug ReportHighNonpublic project titles and project description exposi...Confirmed
2214Backend/CoreInformationLowChanging status of task automaticallyUnconfirmed
2220Backend/CoreInformationLowOne status with different color in tasklistUnconfirmed
2315Backend/CoreBug ReportLowFiling a new task is possible with no details in the ma...Unconfirmed
2324Backend/CoreInformationLowUpdate composer.jsonUnconfirmed
2327Backend/CoreFeature RequestLowvisibility-option for private tasksUnconfirmed
2328Backend/CoreFeature RequestMediumAdd [key] support for each project instead of FS#Unconfirmed
2330Backend/CoreBug ReportLowPHP Notice: Undefined offset: 0 in scripts/index.php o...Unconfirmed
2332Backend/CoreBug ReportMediumCSV export filename filteringNew
2333Backend/CoreInformationLowSet Default View on Login?Unconfirmed
2335Backend/CoreInformationLowPDF Attachment does NOT View/Open in New Window/TabUnconfirmed
2336Backend/CoreBug ReportLowCaptcha validation always fail on registrationUnconfirmed
2338Backend/CoreBug ReportMediumExport tasks to csv has issuesUnconfirmed
2346Backend/CoreFeature RequestLowCustom css inheritanceUnconfirmed
2427Backend/CoreFeature RequestLowallow hotlinking (direct links) to uploaded filesUnconfirmed
2429Backend/CoreInformationLowMy tasks URLUnconfirmed
2430Backend/CoreFeature RequestLowUser dependency on projectUnconfirmed
2435Backend/CoreInformationLowMax attach a fileUnconfirmed
2436Backend/CoreBug ReportLowdokuwiki renderer creates nonunique html-id for h1,h2,h...New
2439Backend/CoreFeature RequestLowClone a ProjectNew
2440Backend/CoreFeature RequestLowOption to disable tag featureNew
2441Backend/CoreBug ReportMediumrefactor dokuwiki image tagsNew
2447Backend/CoreFeature RequestMediumAllow notifications when a new task is createdUnconfirmed
2448Backend/CoreBug ReportLowerror message in eventlog reportsUnconfirmed
Showing tasks 101 - 150 of 310 Page 3 of 7

Available keyboard shortcuts


Task Details

Task Editing