Flyspray - The bug killer!

I have a major problem. At the first I thought that problem is on my server - Windows OS, IIS. But now when I have second bug tracker site on Apache server and error is the same I know that this is not server error but bug tracker error.

How can I help that we resolve this problem?

If e-mail need’s to be sent I got blank white page and nothing happens.

In attachment is my bug tracker with installer (setup) folder. If this somehow helps it?

Version which is used is 1.0 (latest on web) (edit by peterdd: was a mix of older Flyspray versions). The problem is that nothing works because e-mails are not working..

filter_input() is in extension “Filter”.

It is enabled by default since PHP5.2, see http://php.net/manual/en/migration52.new-extensions.php but not “always”, see https://groups.google.com/forum/?hl=de#!topic/flyspray/QM75BvwPqGM

filter_input() is only used at 1 section in Flyspray (since 2014 up to v1.0rc1) in includes/fix.inc.php
This is the commit https://github.com/Flyspray/flyspray/commit/40861911260812c99682fe3456350cb63bb243a9

How do we solve it? Several possibilities:

• Do we really need this calls here? What “bad input” is filtered here?
• Test if the extension is enabled at install/update tests/screens.
• use function_exists() test at every request ( similiar to the source code before https://github.com/Flyspray/flyspray/commit/40861911260812c99682fe3456350cb63bb243a9 )

Problem: https://github.com/Flyspray/flyspray/pull/552

The button ‘My assigned tasks’ should search only by userid, not in username or realname with the LIKE ‘%...%’ operator.

Currently the button is using the same as doing an advanced search filling the ‘Assigned To’ input field. (currently ‘dev’ param) But that search param searches in userid, username and realname.

Edit: Implemented simpler solution: if param is digitsonly, then search by userid, otherwise by username and realname if that param exists.

Edit by peterdd: renamed task summary

Affected versions: at least Flyspray 0.9.9(.7/*?) up to Flyspray 1.0 RC1

Original report: Title ‘Problem regarding 0.9.7 (1.0) to 1.0 RC-1 update’

I tried to update BT from modified version (database in original state) 0.9.7 to 1.0 RC-1 but I got strange error.

PHP is 5.6.

I try to use:
Precompiled with 3rd party libs for PHP5.6

and was doing as was written on upgrade procedure.

Strange is that “D:\SShopBT\includes\class.flyspray.php” there are errors regarding writtable path... Because the path is correct and all other Joomla and Wordpress web sites are working correctly..

After upgrade web site do not work att all. Login not working - just get error. So I must reverse (use backup) database and files.

Server is Windows Server and IIS (Internet Information Services)..

Complete error was (also seen in screenshot):

Warning: is_writable(): open_basedir restriction in effect. File(C:\PHP-temp) is not within the allowed path(s): (D:\) in D:\SShopBT\includes\class.flyspray.php on line 1162 
Warning: is_writable(): open_basedir restriction in effect. File(C:\PHP-temp) is not within the allowed path(s): (D:\) in D:\SShopBT\includes\class.flyspray.php on line 1164 
Warning: is_dir(): open_basedir restriction in effect. File(C:\Windows\TEMP\e865fa2fdfc11dbb32cc6262d247e766) is not within the allowed path(s): (D:\) in D:\SShopBT\includes\constants.inc.php on line 82 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\header.php on line 14 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\header.php on line 15 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\header.php on line 16 
Warning: session_start(): Cannot send session cookie - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\includes\class.flyspray.php on line 893 
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\includes\class.flyspray.php on line 893 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\index.php on line 93 
Warning: Cannot modify header information - headers already sent by (output started at D:\SShopBT\includes\class.flyspray.php:1162) in D:\SShopBT\index.php on line 94 Headers are already sent, this should not have happened. Please inform Flyspray developers.

Logged in as admin, modify a users group membership. After clicking update, you are returned to your logged-in profile (admin in this case). It should re-display the user’s profile you are editing.

The ‘back’ button will return to updated page.

The user preferences and the add new user screens both allow you to set the timezone offset of the user, however, we are only provided with whole hour offsets from GMT. This makes it impossible to select our timezone here in India, which is GMT+5:30 - IST(Indian Standard Time - Asia/Kolkata as per TZ Zoneinfo). In addition, there are also timezones in the GMT+x:45, which wouild also require to be handled. Note, this is totally independent of DST Changes, since some of the countries use DST(Like in Australia) and others do not(Like India).

Here is a link with more details of the same - http://www.timeanddate.com/time/time-zones-interesting.html

I will be trying to identify and fix the codebase to resolve this, and will hopefully have a patch to submit soon.

Regards
R. K. Rajeev

When adding a tag in Greek letters (e.g. “Δοκιμή”) I get:

Query {SELECT tag_id FROM `flyspray_list_tag` WHERE (project_id=0 OR project_id=?) AND tag_name LIKE ? ORDER BY project_id} with params {5,Δοκιμή} Failed! (Illegal mix of collations (latin1_swedish_ci,IMPLICIT) and (utf8_general_ci,COERCIBLE) for operation ‘like’)

In some parts of the world (primarily the US), the date is viewed as Month/Day/Year. However, all options in the current rc4 build are listed as Day/Month/Year aside from one, which goes ShortWrittenMonth/Day#/Year#.

This is poor from a customer perspective, and can be highly confusing. I can change the date globally to a correct format in the database, but this doesn’t help much as every user can select their own date which has all incorrect formats.

we should show the category tree in the task list.
in the task we show the tree.

e.g. “Parent → Sub” instead of “Sub”

Adding key support for each project instead of using the prefix FS#<task_id>

Let the administrator choose the key for project.

What’s a project key?
It prefixes each task in the project

The filename for the csv export is build based on project name and current date.

Due different handling of web browsers, the appropriate http header should send the filename in ascii and also provide them as utf-8 for web browsers who can handle that.

Related RFC5987

You cannot select the fields for export to csv. This means that the commentfield (edit: you mean task description, right?) is always exported too. As this commentfield task description (?) could contain quotes, comma’s etc (like people inserting copies of emails on an issue) it corrupts the output file and the file cannot be read by excel.

Good Morning,

I have this message error when I want configure SMTP Server :
Completely unexpected exception: Connection could not be established with host 192.168.0.10 [Permission denied #13]
This should never happend, please inform Flyspray Developers

My flyspray installs on CentOS v7. Postfix installs on the server but I don’t configure anymore.

Can you help me please

Julia LECLERC

I’ve tried inserting an image in the intro message but it doesn’t show. Is there something broken in the formattext.inc file? Seems unlikley because it’s so old but can’t work out why nothing shows.

Alan

I had to disable some parts last year within dokuwiki quickly due sever reported security issues in that area.

As tradeoff embedding images currently don’t work within dokuwiki textareas in Flyspray.

As I too wish that feature reappear working for my projects, this is on my personal list. But requires focused free time because must be made secure.

Maybe instead of using fetch.php of dokuwiki, we can use Flypsray’s ?getfile=id , which also checks permissions.
But must check also securly file types and maybe resize images to fit into the desired page (thumbnails).

The only (only!) feature that I have missing in Flyspray is an option to receive email notifications when a new task is created

I think that this could be in the profile of the user, and/or in the main configurations as “send a notification to the -group- (admins?) when a new task is created”

Thanks a lot! flyspray r00lz after all these years, never failed, no bugs, no hacks, fast and efficient! :)

A Happy user.

Currently the category_id is not checked if the value is legal for the project when a new task is created.

• must be unsigned int
• must be an active category_id of the project or global category.
• setting a category_id must be allowed - see project settings.

If invalid category_id is sent, deny creating task and show error message and show filled form again.

If no category_id is sent (or empty string) and category select is enabled:

• either choose a default category

or

• implement feature request FS#2451 and show that user should select a category.

I’ve set up an account with a username longer than 20 characters, but can’t reset the password because the
flyspray/index.php?do=lostpw
page username field has maxlength=”20” The maxlength for a new user registration seems to be 32 characters.

A related concern is that when setting up the default/admin user on first load of the system, I can use an email address as username (always my preference), but it’s actually not a valid username to create for others thereafter. Consider allowing ‘@’ character in usernames.

Currently the sessions are stored by the webservers default settings.

Having this sessions under control by Flyspray by storing it in the database has following advantages:

1. Allows handling of all sessions of a user by Flyspray.
2. Providing a session management for each user. The user can see on which devices he is currently logged in and could also force a logout on selective devices.
3. A forced logoff of all or some user sessions is easy implementable for admins.
4. Statistics about how many users and who is logged in. (user status: hide always, online, offline, do not disturb, ..)
5. Could make onpage-notifications easier to implement.
6. .. ?

Disadvantages:

1. A potential unknown security bug in Flyspray that could lead to reading a session db table could leak informations like who is currently online/active and make further attacks more focused or makes session takeover easier.
2. .. ?

It would be useful to print a list of tasks in a extended version.
e.g. All tasks from a programmer with all the details of it.

This information is already stored in the table "reminders" in field "last_sent". It might be helpful in some situations, if this date/time would be visible to the user on the reminder list, too.

In version 0.9.9.5.1 (unfortunately I couldn't select this version in the dropdown list on the left), reminders can only be created and edited by Admins and Project Managers. I recommend to give Assignees the permission to create reminders for themselves. To minimize any programming impact, his may be done as part of the "edit own tasks" permission.

This topic has been reported by Engie as part of Bug #713 for version 0.9.8 as well: "Also it would be useful if a user could create reminder for himself." Although that bug is already closed ("fixed in devel"), this part is not yet solved in the current version.

If you define an inactivity-close value in hours/days (haven't tried weeks) the bug is still open when the time expires.

the installer does not check for reserved characters when writing to flyspray.conf.php, causing parse_ini_file() to return an invalid database password.

For a combination of archiving / "notify bot" reasons I have found it useful to have a single global notification address where all bug reports / updates / comments go.

In the past I've used this to automatically dump updates into a IRC / Jabber chat room as well as provide a way for a project manager (me) to keep an idea of the amount of activity. Please let me know if you have questions about this.

Forms should be submittable by using keyboard shortcuts.
S for submit.
Set-able via the accesskey attribute on HTML inputs.

We need to have a better way to do user rights, group rights and manage users.

Here is what I am thinking, global administration can go to a ACL tab. Click on it and you have a simple way to add a new user / group. Two tabs on top are User Rights and Group Rights. These are global so each project will inherit the global setting for user / group.

Clicking on User Rights tab will lists users with a table to grant user rights. Specific to that user, it would be the same for group rights tab.

You can also search by a user name. This will make things faster to find that specific user.

Add Timezone Selection to Admin Panel

I often used color identifiers for my Task Statuses in my old bug tracking solution, and it helped me prioritize things, like confirming unconfirmed bugs. The only thing that currently has colors, is the severity- I’d like a possibility to have (customizable) colors for Task Statuses too.

It would be great to sort the task list by recent activity. This would mean any change to an issue, including new comments, would rise to the top. This would make it easy to keep up on recent discussion even if you don't want to get every single detail via notifications.

Any form should have its submit button directly below and to the right of the form.

This is most egregious on the New Task page where you have to scroll back up to the top right to submit.

Hello,
it is possible to change the layout for notification mails?
I'll put our logo into Mail body and I'll format the text in different font-styles.

Thank you!

Someone should go through all the changes from 1.0.0 and figure out which features should be ported to 1.0 devel and open tickets for them, and/or open tickets for the items that should be done in 2.0

Add a system where people can donate towards a specific task. For example, I want to donate $10 if someone implements gravatars. The money sits in a pool, and then when someone claims that task and it is marked as completed by the admin, they get the bounty (less some commission that goes towards the project).

Hi,
how can I search tasks by "Reason for closing"? There is an option for searching for status but I do not want search by tasks' status but by reason for closing it. Is it possible to do it?
Marcin

On a project or ticket basis should be able to hook in and possibly also share permissions

An account should be able to have multiple email addresses associated with it. For example, my primary email might be jordan@thevelozgroup.com, but I should also be able to log in via jordanmendler@gmail.com or other addresses I add.

Should be more of a link thread of activity rather than segmented

When editing a ticket to change things like User, Percent done, etc should be able to add a comment. When changing 100% → 70% for example, there is usually a comment that goes along with that (e.g., you didn't yet finish changing the background color)

Should have a page that is a users profile page. so clicking in that users name on a ticket takes you there and you can see what bugs are assigned to them, what they have commented on, and other info about them and about their activity.

In global permissions there is 'View tasks'. This makes it so a user can view all tasks. Need a way instead that they can view only their own tasks, for example a permission called 'View own tasks'.

If 'View own tasks' is checked for a user, in the project list we should only show projects which contain tickets that that user is a part of. Within a given project we should then only show tickets that the user is a part of if they have that permission set.

So for example if 'View tasks' is set, show user all tasks. 'View tasks' is not set, but 'View own tasks' is set then show them only their own tasks and projects.

As title says

I think it is time to think about an theme optimizied for mobile Devices.

We will not maintain several themes. We will review the current CleanFS theme to make it responsible instead.

Hello,
when I wanted to use Flyspray to manage request from non-technical customer, I found one missing feature:

I have "report a problem" link on devel version of web site. But to submit new task, it is necessary to login into Flyspray.

It would be nice if there was an URL with login form if user is not logged in and "add new task" form if he is logged in.

Example scenario:
- Customer visits devel site after some time and finds some problem. He wants to report it.
- Customer clicks "report a problem" on the devel site and Flyspray is opened.
- Customer now see some wierd error message and has no idea what is wrong. If anonymous reports are allowed, he sees the form, but cannot upload screenshots and he must enter his e-mail address.

How it should be:
- Customer visits devel site after some time and finds some problem. He wants to report it.
- Customer clicks "report a problem" on the devel site and Flyspray is opened.
- Customer sees login form and (if anonymous reports are allowed) there is also "add new task" form below the login form.
- Customer clicks "login" (password is saved in browser).
- Customer now can fill report with all the comfort.

My workplace is piloting Flyspray for an internal project and one feature that my boss was asking about was the ability to clone tasks and projects.

We have reoccurring simultaneous projects that contain a large number of testing tasks, and tasks dependent on other tasks, which makes starting up a new project very tedious. If it was possible to clone the contents of a task, or an entire project, we could create template tasks/projects that would really speed up the workflow.

Hi,I would like to see a enhancement, where you can submit/edit and assign it to multiple components, as it needs work from multiple sides.

For example: A user asks for a new object to be visualized. This includes work of the GUI designers and altering internal core structures. For internal management, I would like to label this for both teams.

I have a public bug tracker and would like to have a TODO like task, except restricted so only the developers can set the task type to TODO, while the general reporters can just submit bug reports or feature requests.

When entering the wrong SMTP information and then adding a user through Multiple New Users page, the error message is bad. It just says 'this should never happen'. Instead, we need to detect that it is an SMTP authentication error and report that issue to the user more clearly.

So, the new website is now online, the codestyle part is empty and I think we need to speak about them...

I can happily reformat the whole project once we have decided the whole thing. Don't forget, too strict code style leads to code style not being respected, so crap like max line length should be avoided. I personnaly don't know anybody coding from their mobile phones. I sometimes do check some code on it, but long lines never disturbed me as long as the line is not 5k chars long.

I think we should go for a standard one.

Things like:

- Do use brackets even if single lined condition
- Variable names have spaces replaced by the next words first letter in capital, start with a lower case
- Same goes for functions
- Etc etc. Pretty much of PSR-1 maybe 2

What I don't understand is the use of spaces, and I'd be for tabs instead of 4 spaces (some files use 2 spaces, some 3...). Most of the dev tools are by default set to use tabs and not spaces. And be seeing the code now we see that it clearly. So i'd be for reformatting into tabs, the whole, and same time fixing the broken identation in every files.

I could write it down for the website

Upon my implementation for an easier date selector, I think we should rework it as follow:

• Drop extended date concept
• Add a Time format
• Extended dates field become a concatenation of date format and time format.
  • The above make it easier to select your preferences

• Rename GMT to UTC
• Add automatic daylight saving configs

If I write a task and press the back button in the brower and go forward again, my expection is that the
text I wrote is still existing, even if I didn't save it.

It is frustrating losing a well thought issue editing and having it to rewrite.