Flyspray Quality Assurance
         ==========================

This file contains a list of things to check before release and after major
changes in code.

Please note that some tests may require having two users--more and less
privileged--and two web browsers. These tests are marked with [2U].

Some tests are meant to fail; these are marked with [F].

Installation:
* detect if flyspray.conf.php is writeable
* licence agreement displays correctly, and will not advance without acceptance
* insert database tables using specified dbprefix
* set admin details
* logs-in admin after install has finished

Upgrade:
* detect if flyspray.conf.php is writeable
* insert database upgrade tables

Be sure to test everything below with address_rewriting both ON and OFF.

Tasks:
* create task
* create task twice in a row with the same details [F]
* find task using 'Show Task' box
* show task details
* show task details for non-existent task [F]
* take ownership (when permissions allow)
* take ownership (when permissions don't allow)
* add comment without attachment
* add comment with attachment
* check history entries
* assign task
* close task
* add dependency
* add dependency on non-existent task [F]
* search for tasks (check all conditions--developers, categories,
  severities, etc.--separately)
* show previous/next task using Prev / Next links
* check permissions for project selector dropdown
* mark task private, ensure it's treated as private [2U]
* watch task, add comment, check notification [2U]
* schedule reminder, check if it works
* view/download attachment when permissions allow
* view/download attachment when permissions don't allow [F]

Users:
* register as new user with confirmation code
* register as new user without confirmation code
* edit user details with myprofile.php

Project Manager's Toolbox:
* saving project prefs
* define columns in tasks view
* ensure project_id set correctly and respected when moving between tasks
  (TODO: specify places to check)
* project prefs respected everywhere (TODO: specify places to check)
* add new groups
* edit existing groups
* move user between project groups
* adding new list items
* editing existing lists
* deleting list items where available

Administrator's toolbox:
* saving preferences
* adding new users
* adding new groups
* editing groups
* move user between global groups
* adding new list items
* editing existing lists
* deleting list items where available
* add new project
* add category without owner

Code quality:
* check php syntax:
    for file in `find . -name '*.php'`; do php -l $file; done
* search for 'TODO', 'FIXME' and 'release' strings:
    grep -Er '(TODO|FIXME|release)' * | grep '.php:'

Security :

* If you added a new template function, make sure user submitted data is properly escaped and using the correct charset
    ie . $foo = htmlspecialchars($bar, ENT_QUOTES, 'utf-8') o use the XXX:safe filters.
* the template parser automatically escapes data only for plain variable templates, no action is required from your part.

* Check if the sql queries are using prepared statements if the query contains **any kind** of variables
* for table or column names make sure to check if they only contain numbers and letters.
* *** Do not use eval() **
* Do not use preg_replace with the "/e" modifier. if you need that, always use preg_replace_callback() it is faster, and  safer
* Do not use include* or require* with variables.
* Make sure the code includes fix.inc.php at some point.
* Avoid using any kind function that permits self-modifing code like create_function().