Flyspray - The bug killer!

There is a display problem when reopening a task.

See the attached file please.

Spaces before or after a task search string gives too many results in the tasklist.

Example search strings:

test (space after word test)
 test
 test (space after word test)

Found this on bugs.archlinux.org, but also current 1.0-rc7 has this problem.

flyspray version: 1.0-rc6

How to reproduce:
Create a bug with tags (preferable with spaces)
Edit this bug
Change the spaces to ‘,’ Save

Expected behaviour:
Saves the tag with comma (even ; is the correct seperator).
It looks to me, that sanitisation of user input is missing here.

I’ve set up an account with a username longer than 20 characters, but can’t reset the password because the
flyspray/index.php?do=lostpw
page username field has maxlength=”20” The maxlength for a new user registration seems to be 32 characters.

A related concern is that when setting up the default/admin user on first load of the system, I can use an email address as username (always my preference), but it’s actually not a valid username to create for others thereafter. Consider allowing ‘@’ character in usernames.

Why can’t I set my own password during installation? I thought I did, but it created a different password.

Well, as everybody can see at the moment, someone (who? @floele ?) updated the server hosting bugs.flyspray.org to PHP7.2.x and now some ‘deprecated’-warnings are shown.
Edit: For example not working Flyspray 1.0-rc6 and older with the brand new PHP7.2:

• shows deprecated info on top
• shows deprecated info at every comment
• tells task in work by other user when you want to save a task.
• Uploaded files aren’t downloaded correct (open a downloaded image with a hexeditor for example to see)
• probably also scheduler (cronjob/schedule.php and sending emails effected)

Hello,

I recently upgraded a very old version of flyspray, the avatars (and gravatar) are enabled, my profile includes an image which looks correctly (I had a problem with the transparency btw, so I used then a JPG version). But the users that doesn’t has avatar shows up like a broken image.

Example: http://bugs.elivecd.org/index.php?do=details&task_id=262&tasks=&due=33&status%5B0%5D=&order=dateopened&sort=asc&order2=lastedit&sort2=asc

Maybe when there’s no avatar for the users would be needed to show a generic image?

Thank you
Thanatermesis

Let’s say you have multiple projects and decide to add a future version to admin → Version list to affect all projects.
When editing a task from a project and select that future version in “Due In Version” the Roadmap does not show the list of that “future version”.

Sorry for my English

I setup the default page to “roadmap” for a project, logged out, and it’s not possible to access the base url anymore. I chased the bug throughoutt the code and it seems that:

index.php calls scripts/roadmap.php at line 200:

if (!defined('NO_DO')) {
    require_once(BASEDIR . "/scripts/$do.php");
} 

and:

in scripts/roadmap.php, lines 11-13 redirect to base url:

if (!$proj->id) {
    Flyspray::show_error(25);
}

There are still some warnings about deprecated constructors when Flyspray runs with php7.

I try to install flyspray-1.0-rc1 on a shared hoster (all-inkl.com).

Apache
PHP 5.3.28 note by peterdd: php version can be switched on all-inkl.com settings per subdomain from 5.2, 5.3,5.4, 5.5, 5.6 up to 7.0

MYSQL 5.3.28 note by peterdd: not mysqlnd 5.0.12-dev as phpinfo told from all-inkl.com???

During & after installation (or updating) i get the following error:

Use of undefined constant ADODB_ASSOC_CASE_NATIVE - assumed 'ADODB_ASSOC_CASE_NATIVE' in /www/htdocs/[userid]/flyspray/vendor/adodb/adodb-php/adodb.inc.php on line 3818
Warning: Cannot modify header information - headers already sent by (output started at /www/htdocs/[userid]/flyspray/vendor/adodb/adodb-php/adodb.inc.php:4642) in /www/htdocs/[userid]/flyspray/includes/class.flyspray.php on line 835
Warning: Cannot modify header information - headers already sent by (output started at /www/htdocs/[userid]/flyspray/vendor/adodb/adodb-php/adodb.inc.php:4642) in /www/htdocs/[userid]/flyspray/includes/class.flyspray.php on line 835
Warning: Cannot modify header information - headers already sent by (output started at /www/htdocs/[userid]/flyspray/vendor/adodb/adodb-php/adodb.inc.php:4642) in /www/htdocs/[userid]/flyspray/includes/class.flyspray.php on line 835
Headers are already sent, this should not have happened. Please inform Flyspray developers.

The part before the last sentence is repeated numerous time. Sometimes the tracker is shown partially below the error message.

Cheers

Tried to create user name: xxx-yyy, xxx.yyy or xxx_yyy. Name is highlighted in ‘red’ and no ‘Send code’ button. Is this supposed to be OK?

with this general project settings for everyone (users and anon):

Project is active ('project_is_active'): yes
Allow anyone to view tasks of this project ('others_view'): no
Allow anyone to view roadmap of this project: no 
Allow anonymous users to open tasks: yes

1. Project is not selectable from Project drop down list with this settings, but should.
2. The can_view_project permission is currently a calculated value, currently using ‘others_view’ permission for guests.
3. Review where can_view_project() permission is used to limit access.

1. Evaluate if “Allow anonymous users to open tasks”- perm make can_view_project()-permission true is sufficient.
2. Or just use the “Allow anonymous users to open tasks”- perm at the relevant places. (I tend to prefer this, because of very limited places.)

1. TODO: update documentation http://www.flyspray.org/manual/project-management/
2. TODO: Maybe move

Allow anyone to view tasks of this project: no
Allow anyone to view roadmap of this project: no 
Allow anonymous users to open tasks: yes

from ‘Preferences’ project settings tab to the ‘User Groups’ project settings tab. So everything permission related is at one place.

I think the problem is within index.php, put in with commit https://github.com/Flyspray/flyspray/commit/651f09801a35533205971cf322483a0e52ad0a1d

A anon user cannot pass behind this code lines:

// make sure people are not attempting to manually fiddle with projects they are not allowed to play with
if (Req::has('project') && Req::val('project') != 0 && !$user->can_view_project(Req::val('project'))) {
    Flyspray::show_error( L('nopermission') );
    exit;
}

But before just removing removing the “exit;” here, needs too review if anon users cannot trigger bad actions.

Hi,

my customer set priority “very high”.

(note by peterdd: currently “very high” is priority6, but it was “flash” in older versions. See https://github.com/Flyspray/flyspray/commit/34fd39f86190983584c608c0d6754d5959338d3d )

After that i want to edit task to make some changes, i can’t save task because error of invalid priority. Other priorities works.

Screenshot attached

When saving the tag list at admin and project area, the ordering of the tags must be recalculated.

So it is not more legal to have a list ordering like (0,0,0,1,3,4,7)

That should be recalculated and stored as (1,2,3,4,5,6, 7) (or 0,1,2,3,4,5,6)
currently in file includes/modify.inc.php

Why?

Alternative

        /**
         * load all tags into array
         *
         * compared to listTags of class project, this preloads all tags in flyspray database
         * ideally maximal called once per http request, then using the array index for getting info
         *
         * @return array
         */
        public static function getAllTags()
        {
                global $db;
                $at=array();
                $res = $db->query('SELECT tag_id, project_id, list_position, tag_name, class, show_in_list FROM {list_tag}');
                while ($t = $db->fetchRow($res)){
                        $at[$t['tag_id']]=array(
                                'project_id'=>$t['project_id'],
                                'list_position'=>$t['list_position'],
                                'tag_name'=>$t['tag_name'],
                                'class'=>$t['class'],
                                'show_in_list'=>$t['show_in_list']
                        );
                }
                return $at;
        }

function tpl_draw_cell($task, $colname, $format = "<td class='%s'>%s</td>") {
  global $fs, $db, $proj, $page, $user, $alltags;
...
  case 'summary':
...
    if($task['tagids']!=''){
                        # if global $alltags are yet undefined, preload the tags now.
                        if(!is_array($alltags)) {
                                $alltags=$fs->getAllTags();
...
 foreach($tagids as $tagid){
                                $tgs.='<i class="tag t'.$tagid
                                        .(isset($alltags[$tagid]['class']) ? ' ' .htmlspecialchars($alltags[$tagid]['class'], ENT_QUOTES, 'utf-8') : '').'" title="'.htmlspecialchars($alltags[$tagid]['tag_name'], ENT_QUOTES, 'utf-8').'"></i>';
                        }

In the Look and Feel settings for a project, there’s a grayed out setting that says:

[[defaultorderby2]] (not implemented yet)

For a proper release this should be either implemented or removed from the UI.

It would be great to have this implemented, because without it I can’t seem to get the same good sorting I had in 0.9.9.6. In that version I had tasks sorted by severity and then newest open date first, but in 1.0-beta2 if I sort by severity I now get oldest open date first.

Since there are new prefs adding in, if anything is missing during an upgrade, we need to set reasonable defaults to avoid error messages. Here are some I see are missing:

url_rewriting
pages_welcome_msg
emailNoHTML
enable_avatars
hide_emails
only_oauth_reg
need_approval
active_oauths
max_vote_per_day
votes_per_project

I’m not sure this is a bug or this behavior is intended.

I have a user who belongs to a “basic” group but he’s a projects manager in one of the projects.

We have noticed he is not able to edit their own comments or tasks even though this feature is enabled in project managers group within this particular project.
I could only fix it by enabling these features in the global basic group, but I feel the project group setting should overwrite those from global groups.

no task description

An added link in a comment seems to not be saved or shown after edit.

If the category of a task was changed, the receivers of notifications for this task
only get the category ids, but not the name of the category in their notification.

The loading graphic ajax_load.gif was removed with the classic theme bluey/
and not copied in the same step to the later default theme directory.

So every javascript call to showPreview() results in a 404 request for that ajax_load.gif.

Someone with permissions to upload files can readd this please? You find the ajax_load.gif in github versions before july 2014.

.htaccess enables the mapping of nicer looking URLs to the default get parameter requests.

After all our changes for FS 1.0 we should review if it works well together when enabling .htaccess for the Rewrite Rules.

Maybe we have to update Rewrite Rules if there are added features that are good candidates for nicer urls.

Emails should be sent in both formats within one Email, not either text or HTML.

It is the choice of the users email program if he sees the messages as html or plain text.

So in best case we can drop this option when implemented and make Flyspray a bit more easier to administer?

If you save forms, it can happen that something is changes on the page. ^^

But if you render parts of the answer page before the form action is handled and database changes are made,
the answer page shows old information. Only on an additional request you see the current data.

The wrong way to solve this is making a redirect. Saw this in some other software and it was source of problems.