Blame | Last modification | View Log | Download
Admin Guide===========Reference for Administrators----------------------------[IMAGE]MantisBT Development Team<mantisbt-dev@lists.sourceforge.net>Copyright © 2016 MantisBT team. This material may only be distributedsubject to the terms and conditions set forth in the GNU FreeDocumentation License (GFDL), V1.2 or later (the latest version ispresently available at http://www.gnu.org/licenses/fdl.txt).AbstractThis book is targeted at MantisBT administrators, and documents theinstallation, upgrade, configuration, customization and administrationtasks required to operate the software.------------------------------------------------------------------------Chapter 1. About MantisBT=========================1.1. What is MantisBT?----------------------MantisBT is a web based bug tracking system that was first made availableto the public in November 2000. Over time it has matured and gained a lotof popularity, and now it has become one of the most popular open sourcebug/issue tracking systems. MantisBT is developed in PHP, with support tomultiple database backends including MySQL, MS SQL and PostgreSQL.MantisBT, as a PHP script, can run on any operating system that issupported by PHP and has support for one of the DBMSes that aresupported. MantisBT is known to run fine on Windows, Linux, macOS and avariety of Unix operating systems.1.2. Who should read this manual?---------------------------------This manual is targeted for the person responsible for evaluating,installing and maintaining MantisBT in a company. Typically we refer tothis person as the MantisBT administrator.1.3. License------------MantisBT is released under the terms of GNU General Public License (GPL).MantisBT is free to use and modify. It is free to redistribute as long asyou abide by the distribution terms of the GPL.1.4. How to get it?-------------------MantisBT is available in several Linux distributions including: Debian,Ubuntu, Fedora, Gentoo, Frugalware and others. Hence, if you are runningLinux, start by checking if your distribution has a package for MantisBT.If not, or if the package is not up-to-date with the latest MantisBTversion, then you may want to download it directly from here.For Windows, macOS and other operating systems, use the link providedabove to download MantisBT. The download is compressed in tar.gz or zipformat. Both formats can be unpacked using tools like 7-Zip (in case ofWindows).Note that at any point in time there are typically two "latest" MantisBTreleases that are available for download. The latest production release(stable), and the latest development release which can be an alpha or arelease candidate. It is not recommended to use development releases inproduction specially if it is still in the alpha stage unless theadministrator is familiar with PHP and is able to troubleshoot and fixany issues that may arise.1.5. About the Name-------------------When initially seeking to name this project Ken ran into a problem everyprogrammer encounters. What is a good name? It has to be descriptive,unique, and not too verbose. Additionally having multiple meanings wouldbe a nice touch. Quickly ruled out were php*Something* names which,incidentally, although popular, do not seem to be condoned by the PHPGroup developers. Drawing inspiration from Open Source projects likeApache, Mozilla, Gnome, and so forth resulted in two eventual choices:Dragonfly and Mantis. Dragonfly was already the name of a webmailpackage. So the name became Mantis.Praying Mantis are insects that feed primarily on other insects and bugs.They are extremely desirable in agriculture as they devour insects thatfeed on crops. They are also extremely elegant looking creatures. So, wehave a name that is fairly distinctive and descriptive in multiple ways.The BT suffix stands for "Bug Tracker" and distinguishes this projectfrom general usage of the word Mantis. However, over time the project wastypically referred to as Mantis.1.6. History------------Kenzaburo Ito and a friend originally created a bug tracker as aninternal tool for their pet project. A search for good, free packagescame up with nothing suitable so they wrote their own. After a rewriteand cleanup it was made available to the public via the GNU GeneralPublic License (GPL). The GPL was chosen partly because of his beliefthat development tools should be cheap or free. In 2002, Ken was joinedby Jeroen Latour, Victor Boctor and Julian Fitzell to be theadministrators and the core development team of MantisBT. This marks anew era in MantisBT lifetime where it is now a team project.1.7. Support------------There are plenty of resources to help answer support queries. Followingare the main ones:*Forums - The forums are one of the most popular destinations forgetting MantisBT support. Start off by searching the forums for yourquestions, if not found, then go ahead and submit a question.*Mailing lists - Several lists are available, each of them with itsown, specific purpose. Note that posting messages is restricted tosubscribers so you will have to register before you can sendmessages; however, there are public archives available if you're onlyinterested in reading.*Gitter is a browser-based, on-line chat that has mainly replaced theteam's use of IRC. In the main chat room, you can have a livediscussion with the developers and other MantisBT users. Gittersupports all modern browsers and also offers Android and iOS-basedclients, as well as an IRC bridge.*IRC - The IRC channel not very active anymore, as the developers havemoved on to using Gitter for live discussions; nevertheless, thechannel is still open. There are many free IRC clients: XChat (forLinux), HexChat, IceChat amongst others. You can also use Web Chat toconnect to IRC via your web browser, which may also be useful whenyou're behind a firewall that blocks the IRC port. The IRC channellogs are archived and made available on the MantisBT web site.*Wiki - The MantisBT Wiki has information related to "How To(recipes)", FAQ, feature requirements, plugins etc.*Search - A good way for locating an answer to your question orfinding more information about a topic is to search across allMantisBT website and the Internet via your favorite search engine,e.g. Google or Bing.NoteSupport questions should not be sent directly to MantisBT developers orthrough the MantisBT website's contact pages.Also, our bug tracker is reserved for reporting issues with the software,and must not be used for support requests.1.8. MantisBT News------------------There are several ways to keep up to date with MantisBT news. Theseinclude:*We send release announcements and important updates to usersregistered on our official bugtracker. To get onto our mailing list,users will have to signup there and verify their email address. Thissame account can also be used to report, monitor, and comment onissues relating to MantisBT.*MantisBT Blog is used to communicate announcements about newreleases, topics relating to MantisBT, etc. Users are encouraged tosubscribe to the RSS feed to know when new posts are posted there.*Twitter is used to notify users about up-to-date details about whatis happening with MantisBT development. Twitter users are encouragedto follow "@mantisbt".1.9. Versioning---------------Our release numbering convention follows the guidelines of SemanticVersioning. Given a version number Major.Minor.Patch and an optionalSuffix (eg. 1.3.0-rc.1):*Major - Indicates a very large change in the core package. Rewritesor major milestones. API changes which are not backwards-compatible.*Minor - Introduction of new features or significant changes infunctionality, in a backwards-compatible manner.*Patch - Bug fixes, maintenance and security releases.*Suffix - Optional, indicates a development release.*aN or alpha.N for alpha releases,*bN or beta.N for beta releases, or*rcN or rc.N for release candidates.Absence of suffix indicates a stable release.Chapter 2. Installation=======================This chapter explains how to install or upgrade MantisBT.2.1. Overview-------------The table below contains a high-level overview of the processes. Refer tothe corresponding sections for details.New InstallationUpgrade1.Section 2.2, “System Requirements”2.Section 2.3, “Pre-installation / upgrade tasks”3.Section 2.4, “New Installation”4.Section 2.6, “Configure your installation”5.Section 2.7, “Post-installation and upgrade tasks”6.Section 2.8, “Post-installation tasks”1.Section 2.3, “Pre-installation / upgrade tasks”2.Section 2.10, “Backups”3.Put the site down for maintenance4.Section 2.5, “Upgrading”5.Section 2.7, “Post-installation and upgrade tasks”6.Section 2.9, “Post-upgrade tasks”2.2. System Requirements------------------------2.2.1. Server Hardware RequirementsMantisBT has modest hardware requirements. It requires a computer that isable to run the server software (see Section 2.2.2, “Server SoftwareRequirements”).*Server typeThe server can be a shared public web server or a dedicatedco-located box.*CPU and MemoryAs for any web application, you should size your server based on thetraffic on the site.*DiskThe application code is less than 50 MiB.The amount of disk space required for the database will varydepending on the RDBMS and the volume of data, the main drivingfactor being the expected number and size of attachments.2.2.2. Server Software RequirementsAll of the required software is free for commercial and non-commercialuse (open source). Please refer to the table in Section 2.2.2.1,“Versions compatibility table” for minimum and recommended versions.*Operating SystemMantisBT runs on Windows, macOS, Linux, Solaris, the BSDs, and justabout anything that supports the required server software.*Web ServerMantisBT is mainly tested with Microsoft IIS and Apache. However, itis expected to work with any recent web server software.File Extensions: MantisBT uses only .php files. If your webserver isconfigured for other extensions (e.g. .PHP3, .PHTML) then you willhave to request the administrator to add support for .PHP files. Thisshould be a trivial modification. Further details can be found in thePHP documentation*PHPThe web server must support PHP. It can be installed as CGI or anyother integration technology.*PHP extensionsMantisBT is designed to work in as many environments as possible.Hence the required extensions are minimal and many of them areoptional affecting only one feature.Mandatory extensions*The extension for the RDBMS being used ( mysqli, pgsql,oci8, sqlsrv )*mbstring - Required for Unicode (UTF-8) support.*filter, hash, json, session - Required to run MantisBT ingeneral. These are bundled with PHP, and enabled bydefault. Note that hash is a core extension since PHP7.4.0, and json is a core extension since PHP 8.0.0.Optional extensions*Curl - required for the Twitter integration feature*GD - required for the captcha feature*Fileinfo - required for file attachments and most of thepluginsWithout this extension, file attachment previews anddownloads do not work as MantisBT won't be able to send theContent-Type header to a browser requesting an attachment.*LDAP - required for LDAP or Active Directory authentication(see Section 8.2, “LDAP and Microsoft Active Directory”).*SOAP - required to use the SOAP API (see Section 5.38,“API”).*zlib - required to enable output compression (see Section5.26, “Speed Optimisation”).NoteYou can check which PHP modules are installed by running php -m onthe command line, or by using the php_info() function in a PHPscript.*DatabaseMantisBT requires a database to store its data. The supported RDBMSare:*MySQL (or one of its forks, e.g. MariaDB)*PostgreSQLExperimental support is also available for*Microsoft SQL Server*OracleExperimental support means that manual intervention by a skilledDatabase Administrator may be required to complete the installation,and/or that there may be known issues or limitations when using thesoftware. Please refer to our Issue tracker, filtering on categoriesdb mssql and db oracle to find out more about those.NotePlease note that the MantisBT development team mainly works withMySQL, so testing for other drivers is not as extensive as we mainlyrely on community contributions to improve support and fix issueswith other RDBMS.We therefore recommend MySQL to store your database.2.2.2.1. Versions compatibility tableCategoryPackageMinimum VersionRecommendedCommentsRDBMSMySQL5.5.355.6 or laterPHP extension: mysqliMariaDB5.5.3510.4 or laterPHP extension: mysqliPostgreSQL9.211.20 or laterPHP extension: pgsqlMS SQL Server20122019 or laterPHP extension: sqlsrvOracle11gR219c or laterPHP extension: oci8PHPPHP7.2.58.0 or laterSee above for PHP extensionsWeb ServerApache2.2.x2.4.xlighttpd1.4.x1.4.xnginx1.10.x1.16.x or laterIIS7.510Windows Server 2016 or laterOur minimum requirements are generally based on availability of supportfor the underlying software by their respective vendors. In some cases,we do require a specific version because we rely on a feature that is notavailable in older releases.WarningRunning MantisBT with versions of the software components lower than theminimum requirements listed above is not supported.2.2.3. Client RequirementsMantisBT should run on all recent browsers in the market, including butnot limited to:*Firefox*Edge*Chrome*Safari*OperaNoteSupport for Internet Explorer 11 ended with release 2.22.0.2.3. Pre-installation / upgrade tasks-------------------------------------These tasks cover the download and deployment of MantisBT, and should beperformed prior to any new installation or upgrade.1.Download MantisBT (see Section 1.4, “How to get it?”)2.Transfer the downloaded file to your webserverThis can be done using whatever method you like best (ftp, scp, etc).You will need to telnet/ssh into the server machine for the nextsteps.3.Extract the releaseIt is highly recommended to maintain a separate directory for eachrelease. This not only avoids mismatch between versions, (files mayhave been added or removed) but also provides an easy path todowngrade your installation, should you need to.The usual command is (1 step):tar -xzf filename.tar.gzOR (2 steps):gunzip filename.tar.gz tar -xf filename.tarOther file archiving tools such as 7-Zip should also be able tohandle decompression of the archive.The extraction process should create a new directory likemantisbt-1.3.x4.Rename the directoryFor new installations, you may want to rename the directory justcreated to something simpler, e.g. mantisbtmv mantisbt-1.3.x mantisbt2.4. New Installation---------------------This chapter explains how to perform a new installation of MantisBT.Start by checking Section 2.2, “System Requirements” and installing theappropriate version of required software.Once that is done, execute the installation script. From your webbrowser, accesshttps://yoursite/mantisbt/admin/install.phpThe installation procedure will go through the following steps:1.The script checks basic parameters for the web server2.Provide required information for the installation*database type*database server hostname*user and passwordRequired privileges: SELECT, INSERT, UPDATE, and DELETE*high-privileged database accountAdditional privileges required: INDEX, CREATE, ALTER, and DROPIf this account is not specified, the database user will be used.3.Click the Install/Upgrade Database button4.The script creates the database and tables.The default Administrator user account is created at this stage, toallow the initial login and setup of MantisBT.5.The script attempts to write a basic config_inc.php file to definethe database connection parameters.This operation may fail if the web server's user account does nothave write permissions to the directory (which is recommended forobvious security reasons). In this case, you will have to manuallycreate the file and copy/paste the contents from the page.6.The script perform post installation checks on the system.Review and correct any errors.2.5. Upgrading--------------This chapter explains how to upgrade an existing MantisBT installation.Start by Performing the steps described in Section 2.3, “Pre-installation/ upgrade tasks” above.1.Put the site down for maintenancecp mantis_offline.php.sample mantis_offline.phpThis will prevent users from using the system while the upgrade is inprogress.2.Always Backup your code, data and config files before upgrading !This includes your Mantis directory, your attachments, and yourdatabase. Refer to Section 2.10, “Backups” for details.3.Copy the configuration filesTo preserve your system settings, you should copy the files listedbelow to subdirectory config of the new installation.*config_inc.php,*custom_strings_inc.php,*custom_constants_inc.php and*custom_functions_inc.php.NoteThe above list is not exhaustive. You might also have to copy othercustom files specific to your installation such as logo, favicon,css, etc.4.Copy third party pluginsTo maintain system functionality, you should copy any additionalplugins in the plugins subdirectory.For example on Unix, you could use the following command; it willcopy all installed plugins (in local subdirectories or symlinked),excluding bundled ones.cd /path/to/mantisbt-OLD/pluginsfind -maxdepth 1 ! -path . -type d -o -type l |grep -Pv "(Gravatar|MantisCoreFormatting|MantisGraph|XmlImportExport)" |xargs -Idirs cp -r dirs /path/to/mantisbt-NEW/pluginsWarningMake sure that you do not overwrite any of the bundled plugins as perthe list below, with an older version.*Avatars via Gravatar (Gravatar)*MantisBT Formatting (MantisCoreFormatting)*Mantis Graphs (MantisGraph)*Import/Export issues (XmlImportExport)5.Execute the upgrade script. From your web browser, accesshttps://yoursite/mantisbt-NEW/admin/install.phpwhere mantisbt-NEW is the name of the directory where the new releasewas extracted6.Provide required information for the upgrade*high-privileged database accountAdditional privileges required: INDEX, CREATE, ALTER, and DROPIf this account is not specified, the database user will be used.7.Click the Install/Upgrade Database button8.At the end of the upgrade, review and correct any warnings or errors.Upgrading large databasesWhen processing large databases from versions older than 1.2, the upgradescript may fail during the conversion of date fields, leaving the systemin an inconsistent (i.e. partially updated) state.In this case, you should simply restart the upgrade process, which willresume where it left off. Note that you may have to repeat this severaltimes, until normal completion.Reference: MantisBT issue 12735.2.6. Configure your installation--------------------------------There are many settings that you can adjust to configure and customizeMantisBT. Refer to Chapter 5, Configuration, as well as theconfig_defaults_inc.php file for in depth explanations of the availableoptions. Check out also Chapter 7, Customizing MantisBT for furtheroptions to personalize your installation.This step is normally only required for new installations, but whenupgrading you may want to review and possibly customize any newconfiguration options.Open or create the file config_inc.php in subfolder config in an editorand add or modify any values as required. These will override the defaultvalues.You may want to use the provided config_inc.php.sample file as a startingpoint.Warningyou should never edit the config_defaults_inc.php file directly, as itcould cause issues with future upgrades. Always store your customconfiguration in your own config_inc.php file.WarningThe MantisBT configuration files (config_inc.php as well ascustom_strings_inc.php, custom_constants_inc.php,custom_functions_inc.php, etc.) should always be saved as UTF-8 withoutBOM. Failure to do so may lead to unexpected display issues.2.7. Post-installation and upgrade tasks----------------------------------------Instructions in this section are common to both new installations andupgrades, and should be applied after completing either process.1.Test your configurationLoad up admin/check/index.php to validate whether everything is setupcorrectly, and take corrective action as needed.2.Delete the admin folderOnce you have confirmed that the install or upgrade process wassuccessful, you should delete this directoryrm -r adminFor security reasons, the scripts within this directory should not befreely accessible on a live MantisBT site, particularly one which isaccessible via the Internet, as they can allow unauthorized people(e.g. hackers) to gain technical knowledge about the system, as wellas perform administrative tasks.WarningOmitting this important step will leave your MantisBT instanceexposed to several potentially severe attacks, e.g. issue #23173 (ifmysqli.allow_local_infile is enabled in php.ini).2.8. Post-installation tasks----------------------------Instructions in this section should only be applied after a newinstallation1.Login to your bugtrackerUse the default Administrator account. The id and password areadministrator / root.2.Create a new Administrator accountGo to Manage > Users and create a new account with 'administrator'access level.3.Disable or delete the default Administrator account4.Create a new ProjectGo to Manage > Projects and create a new project2.9. Post-upgrade tasks-----------------------Instructions in this section should only be applied after upgrading anexisting installation.1.Test the new releasePerform any additional testing as appropriate to ensure the newversion does not introduce any regressions.2.Switch the site to the new versionThe commands below should be executed from the web root (or whereverthe mantisbt scripts are installed) and assume that the "live"directory (old version) is named mantisbt and the new releasedirectory is mantisbt-1.3.x.mv mantisbt mantisbt-oldmv mantisbt-1.3.x mantisbt3.Put the site back on linerm mantis_offline.phpThis should be the final step in the upgrade process, as it will letusers login again.2.10. Backups-------------It is strongly recommended to backup your MantisBT database on a regularbasis. The method to perform this operation depends on which RDBMS youuse.Backups are a complex subject, and the specificities of implementing andhandling them for each RDBMS are beyond the scope of this document. Foryour convenience, the section below provides a simple method to backupMySQL databases.You should also consider implementing backups of your MantisBT code(which includes your configs and possibly customization), as well asissue attachments (if stored on disk) and project documents.WarningYou should always backup your system (code and database) before upgrading!2.10.1. MySQL BackupsMySQL databases are easy to backup using the mysqldump command:mysqldump -u<username> -p<password> <database name> > <output file>To restore a backup you will need to have a clean database. Then run:mysql -u<username> -p<password> <database name> < <input file>You can also perform both of these tasks using phpMyAdminA good idea is to make a backup script and run it regularly through cronor a task scheduler. Using the current date in the filename can preventoverwriting and make cataloguing easier.References and useful links:*mysqldump documentation*Percona XtraBackup*AutoMySQLBackup script2.11. Uninstall---------------It is recommended that you make a backup in case you wish to use yourdata in the future. See Section 2.10, “Backups” for details.To uninstall MantisBT:*Delete the MantisBT directory and all files and subdirectories.*Drop all MantisBT tables from the database, these can be identifiedby the configured prefix for the installation. The default prefix is'mantis'.*Remove any customizations or additions that you may have made.If you have the permissions to create/drop databases and you have aspecific database for MantisBT that does not contain any other data, youcan drop the whole database.Chapter 3. User Management==========================3.1. Creating User Accounts---------------------------In MantisBT, there is no limit on the number of user accounts that can becreated. Typically, installations with thousands of users tend to have alimited number of users that have access level above REPORTER.By default users with ADMINISTRATOR access level have access to createnew user accounts. The steps to do that are:*Click "Manage" on Main Menu.*Click "Users" (if not selected by default).*Click "Create New Account" button just below the alphabet key.*Enter user name, email address, global access level (more detailsabout access levels later). Other fields are optional.*Click "Create Users".Creating a user triggers the following actions:*Creating a user in the database.*If email notifications ($g_enable_email_notification) is set to ON,then the user will receive an email allowing them to activate theiraccount and set their password. Otherwise, the account will becreated with a blank password.*If email notifications ($g_enable_email_notification) is set to ON,users with access level of $g_notify_new_user_created_threshold_minand above will get a notification that a user account has beencreated. Information about the user like user name, email address, IPaddress are included in the email notification.When the 'Protected' flag is set on a user account, it indicates that theaccount is a shared account (e.g. demo account) and hence users loggedusing such account will not be allowed to change account preferences andprofile information.The anonymous user account specified with the $g_anonymous_account optionwill always be treated as a protected user account. When you are creatingthe anonymous user account, the 'Protected' flag is essentially ignoredbecause the anonymous user is always treated as a protected user.3.2. Enabling/Disabling User Accounts-------------------------------------The recommended way of retiring user accounts is to disable them.Scenarios where this is useful is when a person leaves the team and it isnecessary to retire their account.Once an account is disabled the following will be enforced:*All currently active sessions for the account will be invalidated(i.e. automatically logged out).*It will no longer be possible login using this account.*No further email notifications will be sent to the account once it isdisabled.*The user account will not show anymore in lists like "assign to","send reminder to", etc.The disabling process is totally reversible. Hence, the account can bere-enabled and all the account history will remain intact. For example,the user will still have issues reported by them, assigned to them,monitored by them, etc.3.3. Deleting User Accounts---------------------------Another way to retire user accounts is by deleting them. This approach isonly recommended for accounts that have not been active (i.e. haven'treported issues). Once the account is deleted, any issues or actionsassociated with such account, will be associated with user123 (where 123is the code of the account that was deleted). Note that associated issuesor actions are not deleted.As far as the underlying database, after the deletion of a user, recordswith the user id as a foreign key will have a value that no longer existsin the users table. Hence, any tools that operate directly on thedatabase must take this into consideration.By default administrators are the only users who can delete useraccounts. They can delete accounts by clicking Manage, Users, locatingthe user to be deleted and opening it details page, then clicking on the"Delete User" button which deletes the user.Note that "Deleting Users" is not a reversible process. Hence, if it isrequired to re-add the user account, it is not possible to recreate theuser account so that it gets the same ID and hence retains its history.However, manually creating a record in the users table with the same id,can possibly do that. However, this approach is not recommended orsupported.3.4. User Signup----------------For open source and freeware projects, it is very common to setupMantisBT so that users can signup for an account and get a REPORTERaccess by default (configurable by the$g_default_new_account_access_level configuration option). The signupprocess can be enabled / disabled using the $g_allow_signup configurationoption, which is enabled by default.If user signup is enabled, then it is required that$g_send_reset_password is ON as well, and the e-mail settings properlyconfigured (see Section 5.8, “Email”).If email notifications ($g_enable_email_notification) is set to ON, userswith access level of $g_notify_new_user_created_threshold_min and abovewill get a notification that a user account has been created. Informationabout the user like user name, email address, IP address are included inthe email notification.3.5. Forgot Password and Reset Password---------------------------------------It is pretty common for users to forget their password. MantisBT providestwo ways to handle such scenario: "Forgot Password" and "Reset Password"."Forgot Password" is a self service scenario where users go to the loginpage, figure out they don't remember their password, and then click the"Lost your password?" link. Users are then asked for their user name andemail address. If correct, then they are sent an email with a link whichallows them to login to MantisBT and change their password."Reset Password" scenario is where a user reports to the administratorthat they are not able to login into MantisBT anymore. This can be due toforgetting their password and possibly user name or email address thatthey used when signing up. The administrator then goes to Manage, Users,locates the user account and opens its details. Under the user accountdetails, there is a "Reset Password" button which the administrator canclick to reset the password and trigger an email to the user to allowthem to get into MantisBT and set their password. In the case where emailnotifications are disabled, resetting password will set the password toan empty string.3.6. Impersonating a user-------------------------Administrators are able to impersonate users in order to reproduce anissue reported by a user, test their access making sure they can accessthe expected projects/issues/fields, or to create API tokens for serviceaccounts that are used to grant other systems limited access to MantisBT.3.7. Changing Password----------------------Users are able to change their own passwords (unless their account is"protected"). This can be done by clicking on "My Account", and thentyping the new password in the "Password" and "Confirm Password" fields,then clicking "Update User". Changing the password automaticallyinvalidates all logged in sessions and hence the user will be required tore-login. Invalidating existing sessions is very useful in the case wherea user going onto a computer, logs into MantisBT and leaves the computerwithout logging out. By changing the password from another computer, thesession on the original computer automatically becomes invalidated.3.8. Pruning User Accounts--------------------------The pruning function allows deleting of user accounts for accounts thathave been created more than a week ago, and they never logged in. This isparticularly useful for users who signed up with an invalid email or witha typo in their email address address.The account pruning can be done by administrators by going to "Manage","Users", and clicking the "Prune Accounts" button inside the "NeverLogged In" box.3.9. Authorization and Access Levels------------------------------------MantisBT uses access levels to define what a user can do. Each useraccount has a global or default access level that is associated with it.This access level is used as the access level for such users for allactions associated with public projects as well as actions that are notrelated to a specific project. Users with global access level less than$g_private_project_threshold will not have access to private projects bydefault.The default access levels shipped with MantisBT out of the box areVIEWER, REPORTER, UPDATER, DEVELOPER, MANAGER and ADMINISTRATOR. Eachfeatures has several configuration options associated with it andidentifies the required access level to do certain actions. For example,viewing an issue, reporting an issue, updating an issue, adding a note,etc.For example, in the case of reporting issues, the required access levelis configurable using the $g_report_bug_threshold configuration option(which is defaulted to REPORTER). So for a user to be able to report anissue against a public project, the user must have a project-specific ora global access level that is greater than or equal to REPORTER. However,in the case of reporting an issue against a private project, the usermust have project specific access level (that is explicitly grantedagainst the project) that is higher than REPORTER or have a global accesslevel that is higher than both $g_private_project_threshold and$g_report_bug_threshold.Note that project specific access levels override the global accesslevels. For example, a user may have REPORTER as the global access level,but have a MANAGER access level to a specific project. Or a user may haveMANAGER as the global access level by VIEWER access to a specificproject. Access levels can be overridden for both public and privateprojects. However, overriding access level is not allowed for users withglobal access ADMINISTRATOR.Each feature typically has multiple access control configuration optionsto define what access level can perform the operation. For example,adding a note may require REPORTER access level, updating it note mayrequire DEVELOPER access level, unless the note was added by the sameuser.Such threshold configuration options can be set to a single access level,which means users with such threshold and above are authorized to performthe action. The other option is to specify an array of access levelswhich indicates that users with the explicitly specific thresholds areallowed to execute the actions.It is also worth mentioning that the access levels are defined by the$g_access_levels_enum_string configuration option, and it is possible tocustomize such list. The default value for the available access levels is'10:viewer, 25:reporter, 40:updater, 55:developer, 70:manager,90:administrator'. The instructions about how to customize the list ofaccess levels will be covered in the customization section.3.10. Auto Creation of Accounts on Login----------------------------------------If you are using a global user directory (LDAP, Active Directory), youmay want to configure MantisBT so users who already exists in thedirectory will be automatically authenticated and added to MantisBT.For example, a company may setup their MantisBT installation in a way,where its staff members that are already registered in their LDAPdirectory, should be allowed to login into MantisBT with the same username and password. Another option could be if MantisBT is integrated intosome content management system, where it is desired to have a singleregistration and single sign-on experience.In such scenarios, once a user logs in for the first time, a user accountis automatically created for them, although the password verification isstill done against LDAP or the main users repository.3.11. User Preferences----------------------Users can fine tune the way MantisBT interacts with them by modifyingtheir user preferences to override the defaults set by the administrator;If the administrator changes a default setting, it will not automaticallycascade in the users' preferences once they have been set, so it is theusers' responsibility to manage their own preferences.The user preferences include the following:*Default Project: A user can choose the default project that isselected when the user first logs in. This can be a specific projector "All Projects". For users that only work on one project, it wouldmake sense to set such project as the default project (rather than"All Projects"). The active project is part of the filter applied onthe issues listed in the "View Issues" page. Also any newly reportedissues will be associated with the active project.*Refresh Delay: The refresh delay is used to specify the number ofseconds between auto-refreshes of the View Issues page.*Redirect Delay: The redirect delay is the number of seconds to waitafter displaying flash messages like "Issue created successfully",and before the user gets redirected to the next page.*Notes Sort Order: The preference relating to how notes should beordered when issue is viewed or in email notifications. Ascendingorder means that older notes are displayed first*Email on XXX: If unticked, then the notifications related to thecorresponding event would be disabled. User can also specify theminimum issue severity of for the email to be sent.Note that the preference is only used to disable notifications thatas per the administrator's configuration, this user would havequalified to receive.*Email Notes Limit: This preference can be used to limit the number ofissue notes to be included in a email notifications. Specifying Nhere will cause only the latest N to be included. The value 0 meansthat all notes will be included.*Language: The preferred language of the user. This language is usedby the GUI and in email notifications. Note that MantisBT uses UTF-8for encoding the data, hence the user could for example use MantisBTwith a Chinese interface, while logging issue data in German.3.12. User Profiles-------------------A user profile describes an environment that used to run the software forwhich issues are being tracked.When reporting issues, users can elect to enter information likeplatform, operating system and version manually, or they can choose froma list of available profiles.Each user has access to all the personal profiles they create, inaddition to global ones; Profile data includes "Platform", "OperatingSystem", "OS Version", and "Additional Description".Global profiles are typically used by the administrator to define a setof standard system settings used in their environment, which saves usersthe trouble of having to define them individually. The access levelrequired to manage global profiles is configured by the$g_manage_global_profile_threshold configuration option and defaults toMANAGER.Chapter 4. Issue Lifecycle and Workflow=======================================4.1. Issue Creation-------------------The life cycle of an issue starts with its creation. An issue can becreated via one of the following channels:*MantisBT Web Interface - This is where a user logs into MantisBT andreports a new issue.*SOAP API - Where an application automatically reports an issue intoMantisBT using the SOAP API web services interfaces. For example, thenightly build script can automatically report an issue if the buildfails.*Email - This is not supported out of the box, but there are existingMantisBT patches that would listen to emails on pre-configured emailaddresses and adds them to the MantisBT database.*Others - There can be several other ways to report issues. Forexample, applications / scripts that directly injects issues intoMantisBT database (not recommended, except for one-off migrationscripts), or PHP scripts that use the core MantisBT API to create newissues.4.2. Issue Statuses-------------------An important part of issue tracking is to classify issues as per theirstatus. Each team may decide to have a different set of categorizationfor the status of the issues, and hence, MantisBT provides the ability tocustomize the list of statuses. MantisBT assumes that an issue can be inone of three stages: opened, resolved and closed. Hence, the customizedstatuses list will be mapped to these three stages. For example, MantisBTcomes out of the box with the following statuses: new, feedback,acknowledged, confirmed, assigned, resolved and closed. In this case"new" -> "assigned" map to opened, "resolved" means resolved and "closed"means closed.Following is the explanation of what the standard statuses that areshipped with MantisBT means.*New - This is the landing status for new issues. Issues stay in thisstatus until they are assigned, acknowledged, confirmed or resolved.The next status can be "acknowledged", "confirmed", "assigned" or"resolved".*Acknowledged - This status is used by the development team to reflecttheir agreement to the suggested feature request. Or to agree withwhat the reporter is suggesting in an issue report, although theydidn't yet attempt to reproduce what the reporter is referring to.The next status is typically "assigned" or "confirmed".*Confirmed - This status is typically used by the development team tomention that they agree with what the reporter is suggesting in theissue and that they have confirmed and reproduced the issue. The nextstatus is typically "assigned".*Assigned - This status is used to reflect that the issue has beenassigned to one of the team members and that such team member isactively working on the issue. The next status is typically"resolved".*Resolved - This status is used to reflect that the issue has beenresolved. An issue can be resolved with one of many resolutions(customizable). For example, an issue can be resolved as "fixed","duplicate", "won't fix", "no change required", etc. The nextstatuses are typically "closed" or in case of the issue beingre-opened, then it would be "feedback".*Closed - This status reflects that the issue is completely closed andno further actions are required on it. It also typically hides theissue from the View Issues page. Some teams use "closed" to reflectsign-off by the reporter and others use it to reflect the fact thatthe fix has been released to customers.4.3. Workflow-------------Now that we have covered how an issue gets created, and what are thedifferent statuses during the life cycle of such issues, the next step isto define the workflow. The workflow dictates the valid transitionsbetween statuses and the user access level required of the user whotriggers such transitions; in other words, how issues move from onestatus to another and who is authorized to trigger such transitions.MantisBT provides the ability for teams to define their own customworkflow which works on top of their custom status (see Section 7.5,“Customizing Status Values”).4.3.1. Workflow TransitionsBy default, there is no workflow defined, which means that all states areaccessible from any other, by anyone.The "Manage > Configuration > Workflow Transitions" page allows userswith ADMINISTRATOR access level to do the following tasks:*Define the valid next statuses for each status.*Define the default next status for each status.*Define the minimum access level required for a user to transition toeach status.*Define the default status for newly created issues.*Define the status at which the issue is considered resolved. Anyissues a status code greater than or equal to the specified statuswill be considered resolved.*Define the status which is assigned to issues that are re-opened.*Define the required access level to change the workflow.Note that the scope of the applied change is dependent on the selectedproject. If "All Projects" is selected, then the configuration is to beused as the default for all projects, unless overridden by a specificproject. To configure for a specific project, switch to it via thecombobox at the top right corner of the screen.The Global ("All Projects") workflow can also be defined in theconfig_inc.php file, as per the following example.$g_status_enum_workflow[NEW_] ='30:acknowledged,20:feedback,40:confirmed,50:assigned,80:resolved';$g_status_enum_workflow[FEEDBACK] ='30:acknowledged,40:confirmed,50:assigned,80:resolved';$g_status_enum_workflow[ACKNOWLEDGED] ='40:confirmed,20:feedback,50:assigned,80:resolved';$g_status_enum_workflow[CONFIRMED] ='50:assigned,20:feedback,30:acknowledged,80:resolved';$g_status_enum_workflow[ASSIGNED] ='80:resolved,20:feedback,30:acknowledged,40:confirmed';$g_status_enum_workflow[RESOLVED] ='90:closed,20:feedback,50:assigned';$g_status_enum_workflow[CLOSED] ='20:feedback,50:assigned';NoteThe workflow needs to have a path from the statuses greater than or equalto the 'resolved' state back to the 'feedback' state (see$g_bug_resolved_status_threshold and $g_bug_feedback_status under Section5.22, “Status Settings”), otherwise, the re-open operation won't work.NoteThe first item in each list denotes the default value for this status,which will be pre-selected in the Change Status combobox in the ViewIssues page.4.3.2. Workflow ThresholdsThe "Manage > Configuration > Workflow Thresholds" page allows users withADMINISTRATOR access level to define the thresholds required to docertain actions. Following is a list of such actions and what they mean:*Report an issue - The access levels that are allowed to report anissue.*Update an issue - The access levels that are allowed to update theheader information of an issue.*Allow issue to be closed on resolved - The access levels that areallow to resolve and close an issue in one step.*Allow reporter to close issue - Indicates if reporters should beallowed to close issues reported by them.*Monitor an issue - The access levels required for a user to be ableto monitor an issue. Once a user monitors an issue, the user will beincluded in all future email notifications relating to changes in theissue.*Handle an issue - The access levels required for a user to be shownin the list of users that can handle an issue.*Assign an issue - The access levels required for a user to be able tochange the handler (i.e. assign / unassign) an issue.*Move an issue - The access levels required for a user to be able tomove an issue from one project to another. (TODO: are these accesslevels evaluated against source or destination project?).*Delete an issue - The access levels required for a user to be able todelete an issue.*Reopen an issue - The access levels required for a user to be able tore-open a resolved or closed issue.*Allow Reporter to re-open Issue - Whether the reporter of an issuecan re-open a resolved or closed issue, independent of their accesslevel.*Status to which a reopened issue is set - This is the status to whichan issue is set after it is re-opened.*Resolution to which a reopen issue is set - The resolution to set onissues that are reopened.*Status where an issue is considered resolved - The status at which anissue is considered resolved.*Status where an issue becomes readonly - Issues with such status andabove are considered read-only. Read-only issues can only be modifiedby users with a configured access level. Read-only applies to theissue header information as well as other issue related informationlike relationships, attachments, notes, etc.*Update readonly issues - The access levels required for a user to beable to modify a readonly issue.*Update issue status - The access levels required for a user to beable to modify the status of an issue.*View private issues - The access levels for a user to be able to viewa private issue.*Set view status (public vs. private) - The access level for a user tobe able to set whether an issue is private or public, when reportingthe issue. If the user reporting the issues doesn't have the requiredaccess, then the issue will be created with the default view state.*Update view status (public vs private) - The access level requiredfor a user to be able to update the view status (i.e. public vs.private).*Show list of users monitoring issue - The access level required for auser to be able to view the list of users monitoring an issue.*Set status on assignment of handler - The access levels required fora user to be able to re-assign an issue when changing its status.*Status to set auto-assigned issues to - The status - This is thestatus that is set on issues that are auto assigned to users that areassociated with the category that the issuer is reported under.*Limit reporter's access to their own issues - When set, reporters areonly allow to view issues that they have reported.*Add notes - The access levels required for users to be able to addnotes.*Update notes - The access levels required for users to be able toupdate issue notes.*Allow user to edit their own issue notes - A flag that indicates theability for users to edit issue notes report by them.*Delete note - The access levels required for a user to delete a notethat they may or may not have reported themselves.*View private notes - The access levels required for a user to be ableto view private notes associated with an issue that they have accessto view.*View Change Log - The access levels required for a user to be able toview the change log.*View Assigned To - The access levels required for a user to be ableto know the handler of an issue that they have access to.*View Issue History - The access levels required for a user to be ableto view the history of changes of an issue.*Send reminders - The access levels required for a user to be able tosend reminders to other users relating to an issue that they haveaccess to.Chapter 5. Configuration========================5.1. Introduction-----------------MantisBT is highly customizable through the web interface andconfiguration files. Configuration options can be set globally as well ascustomized for a specific project or user (except for options listed in$g_global_settings, see Section 5.5, “Configuration Settings”).Configuration options can be set in config_inc.php and in the database(using the various manage pages). Values stored in the database takeprecedence over values defined in config_inc.php. The former can also beviewed and updated on the Configuration Report page (Manage >Configuration > Configuration Report).To determine which value to use, MantisBT follows the list below,sequentially searching for the specified configuration option until amatch is found.1.database: current user, current project2.database: current user, all projects3.database: all users, current project4.database: all users, all projects5.config_inc.php6.config_defaults_inc.php5.2. Database-------------5.2.1. Base Database settingsThese settings are required for the system to work, and are typically setwhen installing MantisBT. They should be provided to you by your systemadministrator or your hosting company.$g_hostnameHost name or connection string for Database server. The defaultvalue is localhost. For MySql, this should be hostname orhostname:port (e.g. localhost:3306).$g_db_usernameUser name to use for connecting to the database. The user needs tohave read/write access to the MantisBT database. The default username is "root".$g_db_passwordPassword for the specified user name. The default password isempty.$g_database_nameName of database that contains MantisBT tables. The default name is'bugtracker'.$g_db_typeThe supported database types are listed in the table below.The PHP extension corresponding to the selected type must beenabled (see also Section 2.2.2.1, “Versions compatibility table”).RDBMSdb_type (ADOdb)PHP extensionCommentsMySQLmysqlimysqlidefaultPostgreSQLpgsqlpgsqlMS SQL ServermssqlnativesqlsrvOracleoci8oci85.2.2. Database table naming settingsMantisBT allows administrators to configure a prefix and a suffix for itstables. This enables multiple MantisBT installation in the same databaseor schema.WarningUse of long strings for these configuration options may cause issues onRDBMS restricting the size of its identifiers, such as Oracle (whichimposed a maximum size of 30 characters until version 12.1; starting with12cR2 this limit has been increased to 128).To avoid this limitation, it is recommended that*the prefix is set to blank or kept as short as possible (e.g. m).*the suffix is set to blank.*the plugin prefix is kept as short as possible (e.g. plg).$g_db_table_prefixSpecifies the prefix to be used for all table names. The defaultvalue is mantis.The given string is added with an underscore before the base tablename, e.g. for the bug table, the actual table name with thedefault prefix would be mantis_bug.$g_db_table_suffixSpecifies the suffix to be appended to all table names. The defaultvalue is table.The given string is added with an underscore after the base tablename, e.g. for the bug table, the actual table name with thedefault suffix would be bug_table.$g_db_table_plugin_prefixSpecifies the prefix to be used to differentiate tables belongingto a plugin's schema from MantisBT's own base tables. The defaultvalue is plugin.The given string is inserted with an underscore between the tableprefix and the base table name, and the plugin basename is addedafter that, e.g. for a table named foo in the Example plugin, withdefault values for prefixes and suffix the physical table namewould be mantis_plugin_Example_foo_table.WarningIt is strongly recommended not to use an empty string here, as thiscould lead to problems, e.g. conflicts if a plugin's basenamehappens to match one of MantisBT's base tables.$g_dsnAdodb Data Source Name This is an EXPERIMENTAL field. If the abovedatabase settings, do not provide enough flexibility, it ispossible to specify a dsn for the database connection. NOTE: theinstaller does not yet fully support the use of dsn's5.3. Path---------These path settings are important for proper linking within MantisBT. Inmost scenarios the default values should work fine, and you should notneed to override them.$g_pathURL to your installation as seen from the web browser; this is whatyou type into the URL field. Requires trailing '/' character. eg.'https://www.example.com/mantisbt/'. MantisBT will default this tothe correct value. However, in some cases it might be necessary tooverride the default. This is typically needed when an installationcan be accessed by multiple URLs (internal vs external).$g_short_pathShort web path without the domain name. This requires the trailing'/'.$g_absolute_pathThis is the absolute file system path to the MantisBT installation,it is defaulted to the directory where config_defaults_inc.phpresides. Requires trailing '/' character (eg.'/usr/apache/htdocs/mantisbt/').$g_core_pathThis is the path to the core directory of your installation. Thedefault value is usually OK but it is recommended that you move the'core' directory out of your webroot. Requires trailingDIRECTORY_SEPARATOR character.$g_class_pathThis is the path to the classes directory which is a sub-directoryof core by default. The default value is typically OK. Requirestrailing DIRECTORY_SEPARATOR. character.$g_library_pathThis is the path to the library directory of your installation. Thedefault value is usually OK but it is recommended that you move the'library' directory out of your webroot. Requires trailingDIRECTORY_SEPARATOR character.$g_vendor_pathPath to vendor folder for 3rd party libraries. Requires trailingDIRECTORY_SEPARATOR character.$g_language_pathThis is the path to the language directory of your installation.The default value is usually OK but it is recommended that you movethe 'language' directory out of your webroot. Requires trailingDIRECTORY_SEPARATOR character.$g_manual_urlThis is the url to the MantisBT online manual. Requires trailing'/' character.5.4. Webserver--------------$g_session_save_pathLocation where session files are stored. The default is false,meaning the session handler's default location will be used.$g_session_validationUse Session validation (defaults to ON)WarningDisabling this could be a potential security risk !$g_form_security_validationForm security validation, defaults to ON. This protects againstCross-Site Request Forgery. Some proxy servers may not correctlywork with this option enabled because they cache pages incorrectly.WarningDisabling this option is a security risk, it is stronglyrecommended to leave it ON$g_custom_headersAn array of custom headers to be sent with each page.For example, to allow your MantisBT installation to be viewed in aframe in IE6 when the frameset is not at the same hostname as theMantisBT install, you need to add a P3P header. You could trysomething like$g_custom_headers = array( 'P3P: CP="CUR ADM"' );in your config file, but make sure to check that your policyactually matches with what you are promising. See MSDN for moreinformation.Even though it is not recommended, you could also use this settingto disable previously sent headers. For example, assuming youdidn't want to benefit from Content Security Policy (CSP), youcould set:$g_custom_headers = array( 'Content-Security-Policy:' );WarningDisabling CSP is a security risk, it is strongly recommended thatyou leave it as Mantis defines it.$g_logout_redirect_pageSpecify where the user should be sent after logging out.$g_allow_browser_cacheThis will allow the browser to cache all pages. The upside will bebetter performance, but there may be cases where obsoleteinformation is displayed. Note that this will be bypassed (andcaching is allowed) for the bug report pages.$g_allow_file_cacheThis will allow the browser to cache downloaded files. Without thisset, there may be issues with IE receiving files, and launchingsupport programs.5.5. Configuration Settings---------------------------$g_global_settingsThis option contains the list of configuration options that areused to determine if it is allowed for a specific configurationoption to be saved to or loaded from the database. Configurationoptions that are in the list are considered global only and henceare only configurable via the config_inc.php file and defaulted byconfig_defaults_inc.php file.$g_public_config_namesThis option contains a list of configuration options that can bequeried via SOAP API.5.6. Security and Cryptography------------------------------Content Security PolicyAmongst other things, MantisBT relies on Content Security Policy(CSP), which is a W3C candidate recommendation improving thesystem's security against cross-site scripting (XSS) and other,similar types of attacks. It is currently supported in recentversions of many browsers.NoteCSP may cause issues in certain situations (e.g. duringdevelopment), or when using plugins relying on externally hostedresources such as images or scripts.MantisBT currently does not provide any mechanism for plugins tonotify the Core of 'safe' external domains. Because of that, eventhough it is not recommended for obvious security reasons, you maywish to disable CSP. You can do so by specifying a Custom Header inyour config_inc.php file (see Section 5.4, “Webserver”).WarningDisabling Content Security Policy is a security risk !$g_crypto_master_saltMaster salt value used for cryptographic hashing throughoutMantisBT. This value must be kept secret at all costs. You mustgenerate a unique and random salt value for each installation ofMantisBT you control. The minimum length of this string must be atleast 16 characters.The value you select for this salt should be a long stringgenerated using a secure random number generator. An example forLinux systems is:cat /dev/urandom | head -c 64 | base64Note that the number of bits of entropy per byte of output from/dev/urandom is not 8. If you're particularly paranoid and don'tmind waiting a long time, you could use /dev/random to get muchcloser to 8 bits of entropy per byte. Moving the mouse (ifpossible) while generating entropy via /dev/random will greatlyimprove the speed at which /dev/random produces entropy.This setting is blank by default. MantisBT will not operate in thisstate. Hence you are forced to change the value of thisconfiguration option.WarningThis configuration option has a profound impact on the security ofyour MantisBT installation. Failure to set this configurationoption correctly could lead to your MantisBT installation beingcompromised. Ensure that this value remains secret. Treat it withthe same security that you'd treat the password to your MantisDBdatabase.5.7. Signup and Lost Password-----------------------------$g_allow_signupAllow users to signup for their own accounts.If ON (default), then $g_send_reset_password must be ON as well,and mail settings must be correctly configured (see Section 5.8,“Email”).$g_max_failed_login_countMaximum number of failed login attempts before the user's accountis locked. Once locked, it is required to reset the password (lostpassword). The counter is reset to zero after each successfullogin.Default is set to 5, in order to prevent brute force attacksattempting to gain access to end users accounts. Set to OFF todisable this feature and allow unlimited failed login attempts.$g_notify_new_user_created_threshold_minThe minimum global access level required to be notified when a newuser registers via the "signup form". To pick specific accesslevels that are not necessarily at the higher end of access levels,use an array of access levels. Default is ADMINISTRATOR.$g_send_reset_passwordIf ON (default), users will be sent their password when theiraccount is created or password reset (this requires mail settingsto be correctly configured).If OFF, then the Administrator will have to provide a password whencreating new accounts, and the password will be set to blank whenreset.$g_signup_use_captchaUse captcha image to validate subscription it requires GD libraryinstalled.$g_system_font_folderAbsolute path (with trailing slash!) to folder which contains yourTrueType-Font files used for the Relationship Graphs, and theWorkflow Graphs.$g_lost_password_featureSetting to disable the 'lost your password' feature.$g_max_lost_password_in_progress_countMax. simultaneous requests of 'lost password'. When this value isreached, it's no longer possible to request new password reset.Value resets to zero at each successfully login.5.8. Email----------$g_webmaster_emailThe webmaster's e-mail address. This address is displayed in thebottom of all MantisBT pages. webmaster@example.com$g_from_emailThe email address to be used as the source of all emails sent byMantisBT. noreply@example.com$g_from_nameThe sender name of all emails sent by MantisBT. Mantis Bug Tracker$g_return_path_emailEmail address to receive bounced emails.$g_enable_email_notificationSet to ON to enable email notifications, OFF to disable them.Default is ON. Note that disabling email notifications has noeffect on emails generated as part of the user signup process. Whenset to OFF, the password reset feature is disabled. Additionally,notifications of administrators updating accounts are not sent tousers.$g_email_notifications_verboseWhen enabled, the email notifications will include the full issuewith a hint about the change type at the top, rather than usingdedicated notifications that are focused on what changed. Thischange can be overridden in the database per user. Default is OFF.$g_default_notify_flagsAssociates a default notification flag with each action, to controlwho should be notified. The default will be used if the action isnot defined in $g_notify_flags or if the flag is not included inthe specific action definition.The list of actions include: new, assigned, resolved, bugnote,reopened, closed, deleted, feedback.The default is:$g_default_notify_flags = array('reporter' => ON,'handler' => ON,'monitor' => ON,'bugnotes' => ON,'category' => ON,'explicit' => ON,'threshold_min' => NOBODY,'threshold_max' => NOBODY);threshold_min and threshold_max are used to send messages to allmembers of the project whose status is*greater than or equal to threshold_min, and*less than or equal to threshold_max.Sending messages to everyone would set threshold_min to ANYBODY andthreshold_max to NOBODY. To send to all DEVELOPERS and above, useDEVELOPER and NOBODY respectively.$g_notify_flagsDefines the specific notification flags when they are differentfrom the defaults defined in $g_default_notify_flags.For example, the following code overrides the default by disablingnotifications to bugnote authors and users monitoring the bug whensubmitting a new bug:$g_notify_flags['new'] = array('bugnotes' => OFF,'monitor' => OFF,);See Section 7.4, “Email Notifications” for further examples ofcustomizing the notification flags.Available actions include:*new: a new bug has been added*reopened: the bug has been reopened*deleted: a bug has been deleted*owner: the bug has been assigned a new owner*bugnote: a bugnote has been added to a bug*sponsor: the sponsorship for the bug has changed (added,deleted or updated)*relation: a relationship for the bug has changed (added,deleted or updated)*monitor: a user is added to the monitor list.In addition, an action can match the bug status in$g_status_enum_string. Note that spaces in the string are replacedwith underscores ('_') when creating the action. Thus, using thedefaults, 'feedback' would be a valid action.$g_email_receive_ownThis defines whether users should receive emails for their ownactions. This option is defaulted to OFF, hence, users do notreceive email notification for their own actions. This can be asource for confusions for users upgrading from MantisBT 0.17.xversions, since in these versions users used to get notified oftheir own actions.$g_validate_emailDetermines whether email addresses are validated.When ON (default), validation is performed using the pattern givenby the HTML5 specification for email type form input elements. WhenOFF, validation is disabled.NoteRegardless of how this option is set, validation is never performedwhen using LDAP email (i.e. when $g_use_ldap_email = ON, seeSection 5.21.2, “LDAP authentication method parameters”), as weassume that it is handled by the directory.$g_check_mx_recordSet to OFF to disable email checking. Default is OFF.$g_allow_blank_emailIf ON, allows the user to omit an email address field. If you allowusers to create their own accounts, they must specify an email atthat point, no matter what the value of this option is. Otherwisethey wouldn't get their passwords.Administrators are able to bypass this check to enable them tocreate special accounts like anonymous access and other serviceaccounts that don't need notifications.$g_email_login_enabledEnable support for logging in by email and password, in addition tousername and password. This will only work as long as there is asingle user with the specified email address and the email addressis not blank. The default value is OFF.$g_email_ensure_uniqueWhen enabled, the uniqueness of email addresses will be enforcedfor new users as well as updates to existing ones. Default is ON.WarningWhen this setting changes from OFF to ON (which will de facto occurwhen upgrading to MantisBT 1.3.0 or later from an older version),there could be existing user accounts sharing the same emailaddress.It important that such duplicates are identified and fixed, toavoid unexpected and unpredictable behavior when looking up userswith their email address, as the system expects them to be unique.To facilitate this task, the Administration Checks will detectduplicate email addresses and identify the related user accounts. Awarning will also be displayed in the Manage Users page (seeSection 6.8.1, “Users”) and when editing a user account whose emailaddress is associated with one or more other accounts.$g_limit_email_domainsOnly allow and send email to addresses in the given domain(s). Thisis useful as a security feature and it is also useful in cases likeSourceforge where its servers are limited to only sending emails toSourceForge email addresses in order to avoid spam.$g_limit_email_domains = array( 'users.sourceforge.net','sourceforge.net' );$g_show_user_email_thresholdThis specifies the access level that is needed to have user nameshyperlinked with mailto: links. The default value is NOBODY, hence,even administrators won't have this feature enabled.$g_show_user_realname_thresholdThis specifies the access level that is needed to see realnames onuser view page. The default value is NOBODY, hence, evenadministrators won't have this feature enabled.$g_phpMailer_methodSelect the method to send mail:*PHPMAILER_METHOD_MAIL for use of mail() function,*PHPMAILER_METHOD_SENDMAIL for sendmail (or postfix),*PHPMAILER_METHOD_SMTP for SMTP,Default is PHPMAILER_METHOD_MAIL.$g_smtp_hostThis option specifies the SMTP server to submit messages to. TheSMTP server (MTA) then takes on the responsibility of deliveringmessages to their final destinations.To use the local SMTP (if available) set this to 'localhost',otherwise use the fully qualified domain name of the remote SMTPserver.It can be either a single hostname, or multiple semicolon-delimitedhostnames. You can specify for each host a port other than thedefault, using format: hostname:port (e.g."smtp1.example.com:25;smtp2.example.com").Hosts will be tried in the given order.NoteThis is only used with PHPMAILER_METHOD_SMTP (see$g_phpmailer_method).The default is 'localhost'.$g_smtp_portThe default SMTP port to use. This can be overridden individuallyfor specific hosts. (see $g_smtp_host).Typical SMTP ports are 25 and 587.The default is 25.$g_smtp_connection_modeAllow secure connection to the SMTP server. Valid values are:*'' (empty string): No encryption. This is the default.*ssl*tls$g_smtp_usernameSMTP Server Authentication userAllows the use of SMTP Authentication when using a remote SMTPhost.Notemust be set to '' (empty string) if the SMTP host does not requireauthentication.Default is ''.$g_smtp_passwordThis is the password that is used in SMTP Authentication. Not usedwhen $g_smtp_username = ''Default is ''.$g_email_retry_in_daysDuration (in days) to retry failed emails before deleting them fromqueue. Default 7 days.$g_email_send_using_cronjobDisables sending of emails as soon as an action is performed.Emails are instead queued and must be sent by runningscripts/send_emails.php periodically. This script can only beexecuted from the CLI, not from the web interface, for securityreasons.Enabling this option can help with performance problems if largenumbers of emails are generated or mail delivery is slow by notdelaying page execution when sending emails.$g_email_separator1Default is str_pad('', 70, '='); This means 70 equal signs.$g_email_separator2Default is str_pad('', 70, '-'); This means 70 minus signs.$g_email_padding_lengthDefault is 28.MantisBT uses flags and a threshold system to generate emails on events.For each new event, email is sent to:*the reporter, qualified by the notify flag 'reporter' below*the handler (or Assigned to), qualified by the notify flag 'handler'below*anyone monitoring the bug, qualified by the notify flag 'monitor'below*anyone who has ever added a bugnote the bug, qualified by the notifyflag 'bugnotes' below*anyone assigned to the project whose access level is greater than orequal to the notify flag 'threshold_min' and less than or equal tothe notify flag 'threshold_max' belowFrom this list, those recipients who meet the following criteria areeliminated:*the originator of the change, if $g_email_receive_own is OFF*the recipient either no longer exists, or is disabled*the recipient has turned their email_on_<new status> preference OFF*the recipient has no email address entered5.8.1. DKIM signatureIn order to setup DomainKeys Identified Mail (DKIM) Signatures (asdefined in RFC 6376), you need to enable the feature (see$g_email_dkim_enable), and provide at least:*Domain (see $g_email_dkim_domain),*Private key or key file path (see $g_email_dkim_private_key_file_pathand $g_email_dkim_private_key_string),*Selector (see $g_email_dkim_selector),*Identity (see $g_email_dkim_identity).$g_email_dkim_enableEnables DomainKeys Identified Mail (DKIM).The default is OFF.$g_email_dkim_domainDefines the domain for DKIM Signatures.This is typically same as the host part of the $g_from_email. Forexample example.com.$g_email_dkim_private_key_file_pathPath to the private domain key to be used for DKIM Signatures.If the key is specified in $g_email_dkim_private_key_string thissetting will not be used.$g_email_dkim_private_key_stringPrivate domain key to be used for DKIM Signatures.This string should contain private key for signing. Leave emptystring if you wish to load the key from the file defined with$g_email_dkim_private_key_file_path.$g_email_dkim_selectorSelector to be used for DKIM Signatures.If your domain is example.com, typically DNS TXT field should have:host: mail.example._domainkey, value: v=DKIM1; t=s; n=core; k=rsa;p=[public key]. In this case selector should be mail.example$g_email_dkim_passphrasePrivate DKIM domain key password.Leave empty string if your private key does not have password$g_email_dkim_identityIdentity to be used for DomainKeys Identified Mail (DKIM)Signatures.This is usually the same as $g_from_email. For example,noreply@example.com5.8.2. S/MIME signatureThis sections describes the necessary settings to enable S/MIME signaturefor outgoing MantisBT e-mails.$g_email_smime_enableEnables S/MIME signature.Defaults to OFF.$g_email_smime_cert_filePath to the S/MIME certificate.The file must contain a PEM-encoded certificate.$g_email_smime_key_filePath to the S/MIME private key file.The file must contain a PEM-encoded private key matching the S/MIMEcertificate.$g_email_smime_key_passwordPassword for the S/MIME private key.Leave blank if the private key is not protected by a passphrase.$g_email_smime_extracerts_fileOptional path to S/MIME extra certificates.The file must contain one (or more) PEM-encoded certificates, whichwill be included in the signature to help the recipient verify thecertificate specified in $g_email_smime_cert_file ("CA Chain").NoteMantisBT expects the S/MIME certificates and the private key files to bein PEM format. If you have a PKCS12 encrypted certificate (typically witha .pfx or .p12 extension), you may use the following openssl commands toextract and convert the individual elements:*Certificateopenssl pkcs12 -in cert.pfx -clcerts -nokeys -out cert.crt*Extra certificates ("CA chain")openssl pkcs12 -in cert.pfx -cacerts -nokeys -out ca-chain.crt*Private key (-passout specifies the private key's password)openssl pkcs12 -in cert.pfx -nocerts -out cert.key -passout pass:If the input file is protected, openssl will ask for the password;alternatively, you can specify it on the command-line with the -passinoption, e.g. -passin pass:PASSWORD5.9. Version------------$g_show_versionDisplay MantisBT Version number to users in the page footer.This is more of a cosmetic setting and should NOT be considered asa security measure to avoid disclosure of version information tousers. Default is OFF.NoteWhen the REST API is enabled (see Section 5.38, “API”), accessingan endpoint will always return the version number in theX-Mantis-Version header, even if the request fails.$g_version_suffixString appended to the MantisBT version when displayed to the user.Default is ''.$g_copyright_statementCustom copyright and licensing statement shown at the footer ofeach page.Can contain HTML elements that are valid children of the <address>element. This string is treated as raw HTML and thus you must use& instead of &. Default is ''.5.10. Language--------------$g_default_languageThis is the language used by default in MantisBT. This may be setto 'auto' where MantisBT will try to determine the language fromthe browser.$g_language_choices_arrThis is to be set to an array of languages that are available forusers to choose from. The default value includes all languagessupported by MantisBT. The administrator can limit the languagesavailable for users to choose from by overriding this value. Forexample, to support English, French and German include thefollowing code:$g_language_choices_arr = array( 'english', 'french', 'german' );Of course, administrators can also add their own languages bytranslating the strings and creating their own language files. Youare encouraged to share any translation work that you do with theMantisBT team. This will ensure that the newly created languagefile is maintained with future MantisBT releases.All language filesreside in the lang/ folder. They are all named according to thefollowing pattern: strings_<language>.txt.$g_language_auto_mapBrowser language mapping for 'auto' language selection$g_fallback_languageThis is the language used if MantisBT cannot determine the languagefrom the browser. It defaults to 'english'.As of 0.19.0, this maybe set to 'auto' where MantisBT will try to determine the languagefrom the browser.NoteIf a string does not exist in the active language, the English string isused instead.5.11. Display-------------$g_font_familyName of the google font family for the browser to use. For allavailable fonts, see: fonts.google.com .$g_font_family_choicesGoogle font family list offered to the user to chose from. Fontfiles are fetched from google servers.$g_font_family_choices_localThis is a small subset of $g_font_family_choices in which fontfiles are part of MantisBT installation.$g_window_titleThis is the browser window title (<TITLE> tag).$g_search_titleThis is used as prefix to describe Browser Search entries, and mustbe short enough so that when inserted into the'opensearch_XXX_short' language string, the resulting text is 16characters or less, to be compliant with the limit for theShortName element as defined in the OpenSearch specification .Defaults to the value of $g_window_title.$g_admin_checksCheck for admin directory, database upgrades, etc. It defaults toON.$g_favicon_imagePath to the favorites icon relative to MantisBT root folder Thisicon should be of image/x-icon MIME type, and its size 16x16pixels. It is also used to decorate OpenSearch Browser searchentries. (default 'images/favicon.ico').$g_logo_imagePath to the logo image relative to MantisBT root folder (default'images/mantis_logo.gif').$g_logo_urlThe default URL to be associated with the logo. By default this isset to $g_default_home_page (which defaults to My View page).Clicking on the logo from any page in the bug tracker will navigateto the URL specified in this configuration option.$g_show_project_menu_barThis option specifies whether to add menu at the top of the pagewhich includes links to all the projects. The default value is OFF.$g_show_assigned_namesWhen a bug is assigned then replace the word "assigned" with thename of the developer in parenthesis. Default is ON.$g_show_priority_textSpecifies whether to show priority as text (ON) or icon (OFF) inthe view all bugs page. Default is OFF (icon).$g_priority_significant_thresholdDefine the priority level at which a bug becomes significant.Significant bugs are displayed with emphasis. Set this value to -1to disable the feature. The default value is HIGH.$g_severity_significant_thresholdDefine the severity level at which a bug becomes significant.Significant bugs are displayed with emphasis. Set this value to -1to disable the feature. The default value is MAJOR.$g_view_issues_page_columnsThis configuration option is used to set the columns to be includedin the View Issues page, and the order in which they will bedisplayed.This can be overridden using Manage > Manage Configuration > ManageColumns; users can also configure their own columns using MyAccount > Manage Columns.The list of all available columns (i.e. the names to choose from)can be retrieved from the above-mentioned pages. In addition tostandard column names, that will also include:*Custom Fields: the column name will be the Custom Field's nameprefixed with custom_, e.g. xyz should be included ascustom_xyz.*Plugin-specific columns (prefixed with the Plugin's basename)If one of the columns specified here is not accessible to thelogged-in user or corresponds to a disabled feature, then it willautomatically be removed from the list at runtime. The sameconfiguration may therefore show a different set of columnsdepending on the logged in user, the currently selected project andenabled features.For example, the eta column will only be shown if usage of the ETAfield is enabled (see $g_enable_eta in Section 5.35, “FieldVisibility”), and the custom_xyz column will be removed if the xyzCustom Field is not available in the current Project.By default the following columns are selected: selection, edit,priority, id, bugnotes_count, attachment_count, category_id,severity, status, last_updated, summary.$g_print_issues_page_columnsThis configuration option is used to set the columns to be includedin the Print Issues page, and the order in which they will bedisplayed.See $g_view_issues_page_columns for details.By default the following columns are selected: selection, priority,id, bugnotes_count, attachment_count, category_id, severity,status, last_updated, summary.$g_csv_columnsThis configuration option is used to set the columns to be includedin CSV exports, and the order in which they will be displayed.See $g_view_issues_page_columns for details.By default the following columns are selected: id, project_id,reporter_id, handler_id, priority, severity, reproducibility,version, build, projection, category_id, date_submitted, eta, os,os_build, platform, view_state, last_updated, summary, status,resolution, fixed_in_version.$g_excel_columnsThis configuration option is used to set the columns to be includedin Excel exports, and the order in which they will be displayed.See $g_view_issues_page_columns for details.By default the following columns are selected: id, project_id,reporter_id, handler_id, priority, severity, reproducibility,version, build, projection, category_id, date_submitted, eta, os,os_build, platform, view_state, last_updated, summary, status,resolution, fixed_in_version.$g_show_bug_project_linksShow project links when in All Projects mode. Default is ON.$g_filter_positionPosition of the filter box, can be: POSITION_* (POSITION_TOP,POSITION_BOTTOM, or POSITION_NONE for none). Default isFILTER_POSITION_TOP.$g_action_button_positionPosition of action buttons when viewing issues. Can be:POSITION_TOP, POSITION_BOTTOM, or POSITION_BOTH. Default isPOSITION_BOTTOM.$g_show_product_versionThis controls display of the product version in the report, view,update and print issue pages. This flag also applies to otherproduct version related fields like product build, fixed inversion, and target version. Valid values are ON, OFF, and AUTO. ONfor always displayed, AUTO for displayed when project has versionsdefined, and OFF for always OFF. The default value is AUTO.$g_show_version_dates_thresholdThe access level threshold at which users will see the date ofrelease for product versions. Dates will be shown next to theproduct version, target version and fixed in version fields. Setthis threshold to NOBODY to disable the feature. Default value isNOBODY.$g_show_realnameThis control will replace the user's userid with their realname. Ifit is set to ON, and the real name field has been populated, thereplacement will occur. It defaults to OFF.$g_sort_by_last_nameSorting for names in dropdown lists. If turned on, "Jane Doe" willbe sorted with the "D"s. It defaults to OFF.$g_show_avatarShow the users' avatarIn addition to enabling this configuration option it is necessaryto install an avatar plugin like the Gravatar plugin which isbundled out of the box.$g_show_avatar_thresholdThe threshold of users for which MantisBT should show the avatar(default DEVELOPER). Note that the threshold is related to the userfor whom the avatar is being shown, rather than the user who iscurrently logged in.$g_show_changelog_datesShow release dates on changelog. It defaults to ON.$g_show_roadmap_datesShow release dates on roadmap. It defaults to ON.$g_status_colorsStatus color codes, using the Tango color palette.$g_display_bug_paddingThe padding level when displaying bug ids. The bug id will bepadded with 0's up to the size given.$g_display_bugnote_paddingThe padding level when displaying bugnote ids. The bugnote id willbe padded with 0's up to the size given.5.12. Time----------$g_cookie_time_lengthTime for long lived cookie to live in seconds. It is also used asthe default for permanent logins if $g_allow_permanent_cookie isenabled and selected. Default is 1 year.$g_allow_permanent_cookieAllow users to opt for a 'permanent' cookie when logging in.Controls the display of the 'Remember my login in this browser'checkbox on the login page. See $g_cookie_time_length.$g_wait_timeTime to delay between page redirects (in seconds). Users canoverride this setting in their user preferences. Default is 2seconds.$g_long_process_timeoutThis timeout is used by pages which does time consuming operationslike upgrading the database. The default value of 0 disablestimeout. Note that this timeout is specified in seconds.5.13. Date----------These variables control how the date is displayed. The default is ISO8601 formatting.Please refer to the PHP manual for details on available formattingoptions.$g_short_date_formatThis format is used in the bug listing pages (eg: View Bugs).Default is Y-m-d.$g_normal_date_formatThis format is used in the view/update bug pages, bug notes, managesection, and news section. Default is Y-m-d H:i.$g_complete_date_formatThis format is used on the top of each page (current time) and theemails that are sent out. Default is Y-m-d H:i T.$g_datetime_picker_formatThis format is used with the datetime picker widget. Default isY-MM-DD HH:mm.NoteThe formatting convention for the DateTime picker is different fromthe one used for the other date settings described above; seeMoment.js documentation for details.WarningThis format needs to match the one defined in $g_normal_date_format.Inconsistencies between these two settings, e.g. using differentdate ordering (DMY, MDY or YMD) or displaying the month as a numbervs a word or abbreviation, may result in unexpected behavior suchas an invalid interpretation of the date by the DateTime pickerwidget, or errors trying to save a modified date.5.14. Time Zone---------------$g_default_timezoneDefault timezone to use in MantisBT. This configuration is normallyinitialized when installing Mantis. It should be set to one of thevalues specified in the List of Supported Timezones.If this config is left blank, the timezone will be initialized bycalling function date_default_timezone_get(), which will fall backto UTC if unable to determine the timezone.Correct configuration of this variable can be confirmed by runningthe administration checks. Users can override the default timezoneunder user their preferences.5.15. News----------These options are used to control the query that selects the news entriesto be displayed.$g_news_enabledIndicates whether the news feature should be enabled or disabled.The default is OFF. The news feature is deprecated in favor ofbeing moved to a plugin.$g_news_limit_methodLimit the news entry that are displayed by number of entries(BY_LIMIT) or by date (BY_DATE). The default is BY_LIMIT.$g_news_view_limitThe limit for the number of news entries to be displayed. Thisoption is only used if $g_news_limit_method is set to BY_LIMIT.$g_news_view_limit_daysSpecifies the number of dates after which the news are notdisplayed. This option is only used if $g_news_limit_method is setto BY_DATE.$g_private_news_thresholdSpecifies the access level required to view private news. Thedefault is DEVELOPER.5.16. Default Preferences-------------------------$g_default_new_account_access_levelThis is the default access level users are given when their accountis created by email. The default access level is REPORTER. Look inconstant_inc.php for other values.$g_default_project_view_statusThe default viewing status for new projects (VS_PUBLIC orVS_PRIVATE). The default is VS_PUBLIC.$g_default_bug_descriptionDefault value for bug description field used on bug report page.Default is empty description.$g_default_bug_additional_infoDefault value for bug additional info field used on bug reportpage. Default is empty.$g_default_bug_steps_to_reproduceDefault value for bug steps to reproduce field used on bug reportpage. Default is empty.$g_default_bug_view_statusThe default viewing status for the new bug (VS_PUBLIC orVS_PRIVATE). The default is VS_PUBLIC.$g_default_bugnote_view_statusThe default viewing status for the new bugnote (VS_PUBLIC orVS_PRIVATE). The default is VS_PUBLIC.$g_timeline_view_thresholdThreshold for viewing timeline information. Use NOBODY to turn itoff. If the timeline is turned off, the other widgets are displayedin a two column view. The default is VIEWER.$g_default_reminder_view_statusThe default viewing status for the new reminders (VS_PUBLIC orVS_PRIVATE). The default is VS_PUBLIC.$g_reminder_receive_thresholdThe minimum access level for a user to show up in the reminder userpicker. Note that this is the access level for the project forwhich the issue belongs. The default is DEVELOPER.$g_default_bug_resolutionThe resolution for a newly created issue. The default is OPEN. Lookin constant_inc.php for other values.$g_default_bug_severityThe severity for a newly created issue. The default is MINOR. Lookin constant_inc.php for other values.$g_default_bug_priorityThe priority for a newly created issue. The default is NORMAL. Lookin constant_inc.php for other values.$g_default_bug_reproducibilityThe reproducibility for a newly created issue. The default isREPRODUCIBILITY_HAVENOTTRIED. Look in constant_inc.php for othervalues.$g_default_bug_projectionThe projection for a newly created issue. The default isPROJECTION_NONE. Look in constant_inc.php for other values.$g_default_bug_etaThe ETA for a newly created issue. The default is ETA_NONE. Look inconstant_inc.php for other values.$g_default_category_for_movesDefault global category to be used when an issue is moved from aproject to another that doesn't have a category with a matchingname. The default is 1 which is the "General" category that iscreated in the default database.$g_default_limit_viewNumber of bugs to show in the View Bugs page. The default value is50.$g_default_show_changedHighlight bugs that have changed during the last N hours. Thedefault value is 6.$g_hide_status_defaultControls which issues will be displayed in the View Issues page.Default value is CLOSED, implying that all issues at "closed" orhigher state will not be shown.$g_min_refresh_delayThis is the delay between automatic refreshes of the View Issuespage in minutes. Make sure refresh delay in user preferences isn'ttoo short. If a users set their preferences to be lower then it isbumped back up to this minimum value. The default value is 10minutes.These settings are used as the default values for preferences for newusers. Each user can override these settings through the user preferencesform. Default language is set to default site language($g_default_language).$g_default_refresh_delayDefault page refresh delay (in minutes). This is for the buglisting pages. Default value is 30 minutes.$g_default_redirect_delayDefault delay before a user is redirected to a page after beingprompted by a message (eg: operational successful). Default valueis 2 seconds.$g_default_bugnote_orderThis controls the time order in which bug notes are displayed. Itcan be either ASC (oldest first, the default) or DESC (newestfirst).$g_default_email_on_new, $g_default_email_on_assigned,$g_default_email_on_feedback, $g_default_email_on_resolved,$g_default_email_on_closedDefault user preferences to enable receiving emails when a bug isset to the corresponding status. This option only has an effect ifusers have the required access level to receive such emails.Default value is ON.$g_default_email_on_reopenedDefault user preferences to enable receiving emails when bugs arere-opened. Default value is ON.$g_default_email_on_bugnoteDefault user preferences to enable receiving emails when bugnotesare added to bugs. Default value is ON.$g_default_email_on_statusDefault user preferences to enable receiving emails when status ischanged. Default is OFF.$g_default_email_on_priorityDefault user preferences to enable receiving emails when priorityis changed. Default is OFF.$g_default_email_on_new_minimum_severity,$g_default_email_on_assigned_minimum_severity,$g_default_email_on_feedback_minimum_severity,$g_default_email_on_resolved_minimum_severity,$g_default_email_on_closed_minimum_severity,$g_default_email_on_reopened_minimum_severity,$g_default_email_on_bugnote_minimum_severityDefault user preferences to enable filtering based on issueseverity. These correspond to the email_on_<status> settings.Default is 'any'.$g_default_email_on_bugnote_minimum_severityDefault user preference to enable filtering based on issueseverity. These corresponds to the email_on_bugnote setting.Default is 'any'.$g_default_email_on_status_minimum_severityDefault user preference to enable filtering based on issueseverity. These corresponds to the email_on_status settings.Default is 'any'.$g_default_email_on_priority_minimum_severityDefault user preferences to enable filtering based on issueseverity. These corresponds to the email_on_priority settings.Default is 'any'.$g_default_bug_relationship_cloneDefault relationship between a new bug and its parent when cloningit$g_default_bug_relationshipDefault for new bug relationships$g_show_sticky_issuesTODO$g_default_email_on_newTODO$g_default_email_on_assignedTODO$g_default_email_on_feedbackTODO$g_default_email_on_resolvedTODO$g_default_email_on_closedTODO$g_default_email_on_new_minimum_severityTODO$g_default_email_on_assigned_minimum_severityTODO$g_default_email_on_feedback_minimum_severityTODO$g_default_email_on_resolved_minimum_severityTODO$g_default_email_on_closed_minimum_severityTODO$g_default_email_on_reopened_minimum_severityTODO$g_default_email_bugnote_limitTODOSee also: Section 7.4, “Email Notifications”5.17. Summary-------------These are the settings that are used to configuration options related tothe Summary page. This page contains statistics about the bugs inMantisBT.$g_reporter_summary_limitLimit how many reporters to show in the summary page. This isuseful when there are dozens or hundreds of reporters. The defaultvalue is 10.$g_date_partitionsAn array of date lengths to count bugs by (in days) for the summaryby date. The default is to count for 1, 2, 3, 7, 30, 60, 90, 180,and 365.$g_summary_category_include_projectSpecifies whether category names should be preceded by projectnames (eg: [Project] Category) when the summary page is viewed forall projects. This is useful in the case where category names arecommon across projects. The default is OFF.$g_view_summary_thresholdSpecifies the access level required to view the summary page.Default is MANAGER.$g_severity_multipliersAn array of multipliers which are used to determine theeffectiveness of reporters based on the severity of bugs. Highermultipliers will result in an increase in reporter effectiveness.The default multipliers are:$g_severity_multipliers = array ( FEATURE => 1,TRIVIAL => 2,TEXT => 3,TWEAK => 2,MINOR => 5,MAJOR => 8,CRASH => 8,BLOCK => 10 );The keys of the array are severity constants from constant_inc.phpor from custom_constants_inc.php if you have custom severitiesdefined. The values are integers, typically in the range of 0 to10. If you would like for a severity to not count towardseffectiveness, set the value to 0 for that severity.$g_resolution_multipliersAn array of multipliers which are used to determine theeffectiveness of reporters based on the resolution of bugs. Highermultipliers will result in a decrease in reporter effectiveness.The only resolutions that need to be defined here are those whichmatch or exceed $g_bug_resolution_not_fixed_threshold. The defaultmultipliers are:$g_resolution_multipliers = array( UNABLE_TO_REPRODUCE => 2,NOT_FIXABLE => 1,DUPLICATE => 3,NOT_A_BUG => 5,SUSPENDED => 1,WONT_FIX => 1 );The keys of the array are resolution constants fromconstant_inc.php or from custom_constants_inc.php if you havecustom resolutions defined. Resolutions not included here will beassumed to have a multiplier value of 0. The values are integers,typically in the range of 0 to 10. If you would like for aresolution to not count towards effectiveness, set the value to 0for that resolution or remove it from the array completely. Notethat these resolution multipliers are stacked on top of theseverity multipliers. Therefore by default, a user reporting manyduplicate bugs at severity level BLOCK will be far worse off than auser reporting many duplicate bugs at severity level FEATURE.5.18. Bugnote-------------$g_bugnote_orderOrder to use for sorting bugnotes by submit date. Possible valuesinclude ASC for ascending and DESC for descending order. Thedefault value is ASC.5.19. File Upload-----------------MantisBT allows users to upload file attachments and associate them withbugs as well as projects. Bug attachments / project documents can beuploaded to the webserver or database. When bugs are uploaded to thewebserver they are uploaded to the path that is configured in the projectproperties. In case of problems getting the file upload feature to work,check the following resources: PHP Manual .$g_allow_file_uploadWhether to allow/disallow uploading of attachments. Default valueis ON.$g_file_upload_methodSpecify the location for uploading attachments. In case of DISKmethods you need to provide the webserver with write access rightsto the configured upload path (configured in the project) andtemporary upload path (used by PHP).Values: DISK or DATABASEDefault: DATABASE$g_dropzone_enabledWhether to enable/disable drag and drop zone for uploading ofattachments. Default value is ON.$g_file_upload_max_numMaximum number of files that can be uploaded simultaneously.Default value is 10.$g_max_file_sizeMaximum file size that can be uploaded. Default value is about 5MiB. The maximum size is also affected by the PHP optionspost_max_size (default 8 MiB), upload_max_filesize (default 2 MiB)and memory_limit (default 128 MiB) specified in php.ini.$g_allowed_filesAuthorized file types (whitelist).If $g_allowed_files is filled in, NO other file types will beallowed. If empty, any extensions not specifically excluded by$g_disallowed_files list will be authorized ($g_disallowed_filestakes precedence over $g_allowed_files). Separate items by commas,e.g. 'bmp,gif,jpg,png,txt,zip'.$g_disallowed_filesForbidden file types (blacklist).All file extensions in this list will be unauthorized. Separateitems by commas, e.g. 'php,html,java,exe,pl,svg'.WarningSVG files are disabled by default, for security reasons. It isrecommended to also disable all extensions that can be executed byyour server.$g_preview_attachments_inline_max_sizeThis limit applies to previewing of image / text attachments. Ifthe attachment size is smaller than the specified value, theattachment is previewed with the issue details. The previewing canbe disabled by setting this configuration to 0. The default valueis 256 * 1024 (256KB).$g_preview_text_extensionsAn array of file extensions (not including dots) for text filesthat can be previewed inline.$g_preview_image_extensionsAn array of file extensions (not including dots) for image filesthat can be previewed inline.$g_fileinfo_magic_db_fileSpecify the filename of the magic database file. This is used byPHP to guess what the MIME type of a file is. Usually it is safe toleave this setting as the default (blank) as PHP is usually able tofind this file by itself.$g_file_download_xsendfile_enabledEnable support for sending files to users via a more efficientX-Sendfile method. HTTP server software supporting this techniqueincludes Lighttpd, Cherokee, Apache with mod_xsendfile and nginx.You may need to set the proceedingfile_download_xsendfile_header_name option to suit the server youare using.$g_file_download_xsendfile_header_nameThe name of the X-Sendfile header to use. Each server tends toimplement this functionality in a slightly different way and thusthe naming conventions for the header differ between each server.Lighttpd from v1.5, Apache with mod_xsendfile and Cherokee webservers use X-Sendfile. nginx uses X-Accel-Redirect and Lighttpdv1.4 uses X-LIGHTTPD-send-file.$g_attachments_file_permissionsWhen using DISK for storing uploaded files, this setting controlthe access permissions they will have on the web server: with thedefault value (0400) files will be read-only, and accessible onlyby the user running the apache process (probably "apache" in Linuxand "Administrator" in Windows). For more details on unix stylepermissions: http://www.perlfect.com/articles/chmod.shtml$g_absolute_path_default_upload_folderAbsolute path to the default upload folder. Requires trailing / or\.$g_preview_max_widthSpecifies the maximum width for the auto-preview feature. If nomaximum width should be imposed then it should be set to 0.$g_preview_max_heightSpecifies the maximum height for the auto-preview feature. If nomaximum height should be imposed then it should be set to 0.$g_view_attachments_thresholdAccess level needed to view bugs attachments. View means to see thefile names, sizes, and timestamps of the attachments.$g_download_attachments_thresholdAccess level needed to download bug attachments.$g_delete_attachments_thresholdAccess level needed to delete bug attachments.$g_allow_view_own_attachmentsAllow users to view attachments uploaded by themselves even iftheir access level is below view_attachments_threshold.$g_allow_download_own_attachmentsAllow users to download attachments uploaded by themselves even iftheir access level is below download_attachments_threshold.$g_allow_delete_own_attachmentsAllow users to delete attachments uploaded by themselves even iftheir access level is below delete_attachments_threshold.5.20. HTML----------$g_html_make_linksThis flag controls whether URLs and email addresses areautomatically converted to clickable links. Additionally, for URLlinks, it determines where they open when clicked (targetattribute) and their type.The options below can be combined using bitwise operators, thoughnot all possible combinations make sense. The default isLINKS_SAME_WINDOW | LINKS_NOOPENER.*OFF - do not convert URLs or emails*LINKS_SAME_WINDOW - convert to links that open in currenttab/window. NOTE: for backwards-compatibility, this isequivalent to ON.*LINKS_NEW_WINDOW - convert to links that open in a newtab/window. Overrides LINKS_SAME_WINDOW.*LINKS_NOOPENER - Links have the noopener type.*LINKS_NOREFERRER - Links have the noreferrer type, i.e. theyomit the Referer header. Implies LINKS_NOOPENER.$g_html_valid_tagsThis is the list of HTML tags that are allowed.Do NOT include hrefor img tags here.Do NOT include tags that have parameters (eg. )TheHTML code is allowed to enter the database as is. The$g_allow_href_tags does not have to be enabled to make URL links.The package will automatically hyperlink properly formatted URLseg. https://blah.blah/ or mailto://me@more.com/$g_bottom_include_pageSpecifies a file to be included at the bottom of each page. It canbe used e.g. for company branding, to include Google Analyticsscript, etc.$g_top_include_pageSpecifies a file to be included at the top of each page. It can beused e.g. for company branding.If a file is supplied, the logo specified by $g_logo_image (seeSection 5.11, “Display”) will not be shown, and the include filewill have to handle display of the logo. To do so you can use thehtml_print_logo() API function, which will display the logo with anURL link if one has been specified in $g_logo_urlExample top include PHP file with logo and centered page title:<div id="banner" style="display: flex; align-items: center;"><div style="width: 10%;"><?php html_print_logo(); ?></div><div class="center"><span class="pagetitle"><?php global $g_window_title; echo $g_window_title; ?></span></div><div style="width: 10%;"></div></div>$g_css_include_fileSet this to point to the CSS file of your choice.$g_css_rtl_include_fileSet this to point to the RTL CSS file of your choice.$g_cdn_enabledA flag that indicates whether to use CDN (content deliverynetworks) for loading javascript libraries and their associatedCSS. This improves performance for loading MantisBT pages. This canbe disabled if it is desired that MantisBT doesn't reach outoutside corporate network. Default OFF.$g_main_menu_custom_optionsThis option will add custom options to the main menu. It is anarray of arrays listing the caption, access level required, and thelink to be executed. For example:$g_main_menu_custom_options = array(array('title' => 'My Link','access_level' => MANAGER,'url' => 'my_link.php','icon' => 'fa-plug'),array('title' => 'My Link2','access_level' => ADMINISTRATOR,'url' => 'my_link2.php','icon' => 'fa-plug'));Note that if the caption is found in custom_strings_inc.php (seeSection 7.1, “Strings / Translations”), it will be replaced by thecorresponding translated string. Options will only be added to themenu if the current logged in user has the appropriate accesslevel.Use icons from Font Awesome. Add "fa-" prefix to icon name.Access level is an optional field, and no check will be done if itis not set. Icon is an optional field, and 'fa-plug' will be usedif it is not set.$g_html_valid_tags_single_lineThese are the valid html tags for single line fields (e.g. issuesummary). do NOT include a or img tags here. do NOT include tagsthat require attributes.$g_max_dropdown_lengthMaximum length of the description in a dropdown menu (for search)set to 0 to disable truncations$g_wrap_in_preformatted_textThis flag controls whether pre-formatted text (delimited by HTMLpre tags is wrapped to a maximum linelength (defaults to 100 charsin strings_api). If turned off, the display may be wide whenviewing the text.5.21. Authentication--------------------5.21.1. Global authentication parameters$g_login_methodSpecifies which method will be used to authenticate. It should beone of the following values (defaults to MD5):*MD5 - user's password is stored as a hash in the database*LDAP - authenticates against an LDAP (or Active Directory)server*BASIC_AUTH*HTTP_AUTHIn addition, the following deprecated values are supported forbackwards-compatibility, and should no longer be used:*PLAIN - password is stored in plain, unencrypted text in thedatabase*CRYPT*CRYPT_FULL_SALTNote: you may not be able to easily switch encryption methods, sothis should be carefully chosen at install time. However, MantisBTwill attempt to "fall back" to older methods if possible.$g_reauthenticationDetermines whether MantisBT will require the user tore-authenticate before granting access to the Admin areas aftertimeout expiration. Defaults to ON$g_reauthentication_expiryDuration of the reauthentication timeout, in seconds. Defaults to 5minutes.5.21.2. LDAP authentication method parametersThe parameters below are only used if $g_login_method (see Section5.21.1, “Global authentication parameters” above) is set to LDAP.$g_ldap_serverSpecifies the LDAP or Active Directory server to connect to.This must be a full LDAP URI (protocol://hostname:port)*Protocol must be either:*ldap - unencrypted or opportunistic TLS (STARTTLS)*ldaps - TLS encryption*Port number is optional, and defaults to 389.If this doesn't work, try using one of the following standardport numbers: 636 (ldaps); for Active Directory Global Catalogforest-wide search, use 3268 (ldap) or 3269 (ldaps).Examples of valid URI:ldap://ldap.example.com/ldaps://ldap.example.com:3269/NoteMultiple servers can be specified as a space-separated list.$g_ldap_use_starttlsDetermines whether the connection will attempt an opportunisticupgrade to a TLS connection (STARTTLS).Defaults to ON.WarningFor security, a failure aborts the entire connection, so make sureyour server supports StartTLS if this setting is ON, and use theldap:// scheme (not ldaps://).$g_ldap_tls_protocol_minAn integer indicating the minimum version of the TLS protocol toallow. This maps to the LDAP_OPT_X_TLS_PROTOCOL_MIN LDAP libraryoption.For example, LDAP_OPT_X_TLS_PROTOCOL_TLS1_2.Defaults to OFF (protocol version not set).NoteRequires PHP 7.1 or later.WarningFor security, a failure aborts the entire connection.$g_ldap_root_dnThe root distinguished name for LDAP searches. For example,dc=example, dc=com.$g_ldap_organizationLDAP search filter for the organization. For example,(organizationname=*Traffic). Defaults to '' (empty string).$g_ldap_protocol_versionThe LDAP Protocol Version to use (2, 3 or 0). This maps to theLDAP_OPT_PROTOCOL_VERSION ldap library option.Defaults to 3.NoteIf 0, then the protocol version is not set, and you get whateverdefault the underlying LDAP library uses.In almost all cases you should use 3. LDAPv3 was introduced back in1997, and LDAPv2 was deprecated in 2003 by RFC3494.$g_ldap_network_timeoutDuration of the timeout for TCP connection to the LDAP server (inseconds). This maps to LDAP_OPT_NETWORK_TIMEOUT ldap libraryoption. Defaults to 0 (infinite).Set this to a low value when the hostname defined in $g_ldap_serverresolves to multiple IP addresses, allowing rapid failover to thenext available LDAP server.$g_ldap_follow_referralsDetermines whether the LDAP library automatically follows referralsreturned by LDAP servers or not. This maps to LDAP_OPT_REFERRALSldap library option. Defaults to ON.For Active Directory, this should be set to OFF. If you have onlyone LDAP server, setting to this to OFF is advisable to prevent anyman-in-the-middle attacks.$g_ldap_bind_dnThe distinguished name of the service account to use for binding tothe LDAP server. For example,cn=ldap,ou=Administrators,dc=example,dc=com. Leave empty foranonymous binding.$g_ldap_bind_passwdThe password for the service account used to establish theconnection to the LDAP server. For anonymous binding, leave empty.$g_ldap_uid_fieldThe LDAP field for username. Defaults to uid.For Active Directory, set to sAMAccountName.$g_ldap_email_fieldThe LDAP field for e-mail address. Defaults to mail.$g_ldap_realname_fieldThe LDAP field for the user's real name (i.e. common name).Defaults to cn.$g_use_ldap_realnameUse the realname specified in LDAP (ON) rather than the one storedin the database (OFF). Defaults to OFF.NoteMantisBT will update the database with the data retrieved from LDAPwhen ON.$g_use_ldap_emailUse the email address specified in LDAP (ON) rather than the onestored in the database (OFF). Defaults to OFF.NoteMantisBT will update the database with the data retrieved from LDAPwhen ON.$g_ldap_simulation_file_pathThis configuration option allows replacing the ldap server with acomma-delimited text file for development or testing purposes.The LDAP simulation file format is as follows:*No headers*One line per user*Each line has 4 comma-delimited fields*username*realname**password*Any extra fields are ignoredWarningOn production systems, this option should be set to '' (This is thedefault).5.22. Status Settings---------------------$g_bug_submit_statusStatus to assign to the bug when submitted. Default value is NEW_.$g_bug_assigned_statusStatus to assign to the bug when assigned. Default value isASSIGNED.$g_bug_reopen_statusStatus to assign to the bug when reopened. Default value isFEEDBACK.$g_bug_feedback_statusStatus to assign to the bug when feedback is required from theissue reporter. Once the reporter adds a note the status moves backfrom feedback to $g_bug_assigned_status or $g_bug_submit_statusbased on whether the bug assigned or not.$g_reassign_on_feedbackWhen a note is added to a bug currently in $g_bug_feedback_status,and the note author is the bug's reporter, this option willautomatically set the bug status to $g_bug_submit_status or$g_bug_assigned_status if the bug is assigned to a developer.Default value is ON.$g_bug_duplicate_resolutionDefault resolution to assign to a bug when it is resolved as beinga duplicate of another issue. Default value is DUPLICATE.$g_bug_reopen_resolutionResolution to assign to the bug when reopened. Default value isREOPENED.$g_auto_set_status_to_assignedAutomatically set status to $g_bug_assigned_status whenever a bugis assigned to a person. Installations where assigned status is tobe used when the defect is in progress, rather than just put in aperson's queue should set it to OFF. Default is ON. For the statuschange to be effective, these conditions must be met:*Bug has no handler, and a new handler is selected*The assignment is not part of a explicit status change*Current bug status is lower than defined "assigned" status*"Assigned" status is reachable by workflow configurationIf the conditions are not met, the assignment is still made, butstatus will not be modified.$g_bug_resolved_status_thresholdBug is resolved, ready to be closed or reopened. In some custominstallations a bug maybe considered as resolved when it is movedto a custom (FIXED OR TESTED) status.$g_bug_resolution_fixed_thresholdThreshold resolution which denotes that a bug has been resolved andsuccessfully fixed by developers. Resolutions above and includingthis threshold and below $g_bug_resolution_not_fixed_threshold areconsidered to be resolved successfully. Default value is FIXED.$g_bug_resolution_not_fixed_thresholdThreshold resolution which denotes that a bug has been resolvedwithout being successfully fixed by developers. Resolutions abovethis threshold are considered to be resolved in an unsuccessfulway. Default value is UNABLE_TO_REPRODUCE.$g_bug_readonly_status_threshold $g_update_readonly_bug_thresholdBug becomes readonly if its status is >=$g_bug_readonly_status_threshold. The bug becomes read/write againif re-opened and its status becomes less than this threshold. Thedefault is RESOLVED. Once the bug becomes readonly, a user with anaccess level greater than or equal to$g_update_readonly_bug_threshold can still edit the bug.$g_status_enum_workflow'status_enum_workflow' defines the workflow, and reflects a simple2-dimensional matrix. For each existing status, you define whichstatuses you can go to from that status, e.g. from NEW_ you mightlist statuses '10:new,20:feedback,30:acknowledged' but not higherones.The default is no workflow, where all states are accessiblefrom any others.$g_report_bug_thresholdThis is the access level required to open a bug. The default isREPORTER.$g_update_bug_thresholdThis is the access level generally required to update the contentof a bug. The default is UPDATER.$g_handle_bug_thresholdThis is the access level generally required to be access levelneeded to be listed in the assign to field. The default isDEVELOPER. If a more restrictive setting can be determined from$g_set_status_threshold, it will be used.$g_update_bug_status_threshold $g_set_status_thresholdThese settings control the access level required to promote a bugto a new status once the bug is opened.$g_set_status_threshold isan array indexed by the status value that allows a distinct settingfor each status. It defaults to blank.If the appropriate status isnot defined above, $g_update_bug_status_threshold is used instead.The default is DEVELOPER.$g_bugnote_user_edit_thresholdThreshold at which a user can edit his/her own bugnotes. Thedefault value is equal to the configuration setting$g_update_bugnote_threshold.$g_bugnote_user_delete_thresholdThreshold at which a user can delete his/her own bugnotes. Thedefault value is equal to the configuration setting$g_delete_bugnote_threshold.$g_bugnote_user_change_view_state_thresholdThreshold at which a user can change the view status of his/her ownbugnotes. The default value is equal to the configuration setting$g_change_view_status_threshold.$g_allow_reporter_reopenIf set, the bug reporter is allowed to reopen their own bugs onceresolved, regardless of their access level. This allows thereporter to disagree with the resolution. The default is ON.$g_allow_parent_of_unresolved_to_closeIf set, no check is performed on the status of a bug's children,which allows the parent to be closed whether or not the childrenhave been resolved. The default is OFF.$g_bug_readonly_status_thresholdBug becomes readonly if its status is >= this status. The bugbecomes read/write again if re-opened and its status becomes lessthan this threshold.$g_bug_closed_status_thresholdBug is closed. In some custom installations a bug may be consideredas closed when it is moved to a custom (COMPLETED or IMPLEMENTED)status.See also: Section 7.5, “Customizing Status Values”5.23. Filters-------------$g_filter_by_custom_fieldsShow custom fields in the filter dialog and use these in filtering.Defaults to ON.$g_filter_custom_fields_per_rowThe number of filter fields to display per row. The default is 8.$g_view_filters = SIMPLE_DEFAULT;Controls the display of the filter pages. Possible values are:*SIMPLE_ONLY - only allow use of simple view*ADVANCED_ONLY - only allow use of advanced view (allowsmultiple value selections)*SIMPLE_DEFAULT - defaults to simple view, but shows a link foradvanced*ADVANCED_DEFAULT - defaults to advanced view, but shows a linkfor simple$g_use_dynamic_filters = ON;This switch enables the use of AJAX to dynamically load and createfilter form controls upon request. This method will reduce theamount of data that needs to be transferred upon each page loaddealing with filters and thus will result in speed improvements andbandwidth reduction.$g_create_permalink_thresholdThe threshold required for users to be able to create permalinks(default DEVELOPER). To turn this feature off use NOBODY.$g_create_short_urlThe service to use to create a short URL. The %s will be replacedby the long URL. By default https://www.tinyurl service is used toshorten URLs.$g_view_filtersControls the display of the filter pages.$g_use_dynamic_filtersThis switch enables the use of AJAX to dynamically load and createfilter form controls upon request. This method will reduce theamount of data that needs to be transferred upon each page loaddealing with filters and thus will result in speed improvements andbandwidth reduction.5.24. Misc----------$g_user_login_valid_regexThe regular expression to use when validating new user login names.The default regular expression allows a-z, A-Z, 0-9, +, -, dot,space and underscore. If you change this, you may want to updatethe ERROR_USER_NAME_INVALID string in the language files to explainthe rules you are using on your site.See Wikipedia for more details about regular expressions. Fortesting regular expressions, use Rubular.$g_monitor_bug_thresholdAccess level needed to monitor issues. The default value isREPORTER.$g_show_monitor_list_thresholdAccess level needed to show the list of users monitoring an issue.The default value is DEVELOPER.$g_monitor_add_others_bug_thresholdAccess level needed to add other users to the list of usersmonitoring an issue. The default value is DEVELOPER.This setting should not be lower than$g_show_monitor_list_threshold.$g_monitor_delete_others_bug_thresholdAccess level needed to delete other users from the list of usersmonitoring an issue. The default value is DEVELOPER.This setting should not be lower than$g_show_monitor_list_threshold.$g_print_reports_thresholdGrants users access to the Print Reports functionality (Word/HTML)from the View Issues page. The default value is UPDATER.$g_export_issues_thresholdAccess level required to export issues to CSV and Excel formatsfrom the View Issues page. The default value is VIEWER.$g_allow_reporter_closeAllow reporters to close the bugs they reported.$g_delete_bug_thresholdAllow the specified access level and above to delete bugs.$g_bug_move_access_levelAllow the specified access level and above to move bugs betweenprojects.$g_allow_account_deleteAllow users to delete their own accounts.$g_allow_anonymous_loginEnable anonymous access to Mantis. You must also specify$g_anonymous_account as the account which anonymous users willbrowse Mantis with. The default setting is OFF.$g_anonymous_accountDefine the account which anonymous users will assume when usingMantis. This account is considered by Mantis to be protected frommodification. In other words, this account can only be modified byusers with an access level equal to or higher than$g_manage_user_threshold. Anonymous users will not be able toadjust preferences or change account settings like normal userscan.You will need to create a new account to use for this$g_anonymous_account setting. When creating the account you shouldspecify a password, email address and so forth in the same wayyou'd create any other account. It is suggested that the accesslevel for this account be set to VIEWER or some other read onlylevel.The anonymous user account will not receive standard notificationsand can not monitor issues.The default setting is blank/undefined. You only need to definethis setting when $g_allow_anonymous_login is set to ON.$g_bug_link_tagIf a number follows this tag it will create a link to a bug.Default is '#'.*'#': a link would be #45*'bug:' a link would be bug:98$g_bugnote_link_tagIf a number follows this tag it will create a link to a bug note.Default is '~'.*'~': a link would be ~45*'bugnote:' a link would be bugnote:98$g_enable_project_documentationSpecifies whether to enable support for project documents or not.Default is OFF. This feature is deprecated and is expected to bemoved to a plugin in the future.$g_admin_site_thresholdThreshold at which a user is considered to be a site administrator.These users have the highest level of access to your Mantisinstallation. This access level is required to change key Mantissettings (such as server paths) and perform other administrativeduties. You may need to change this value from the default ofADMINISTRATOR if you have defined a new access level to replace thedefault ADMINISTRATOR level in constant_inc.php.WarningThis is a potentially dangerous configuration option. Users at orabove this threshold value will have permission to all aspects ofMantis including the admin/ directory. With this access level,users can damage your installation of Mantis, destroy your databaseor have elevated access to your server.DO NOT CHANGE THIS VALUE UNLESS YOU ABSOLUTELY KNOW WHAT YOU'REDOING. BE VERY CAREFUL WITH CHANGING THIS CONFIGURATION VALUE FROMTHE DEFAULT SETTING.$g_manage_configuration_thresholdThe threshold required for users to be able to manage configurationof a project. This includes workflow, email notifications, columnsto view, and others. Default is MANAGER.$g_view_configuration_thresholdThreshold for users to view the raw system configurations as storedin the database. The default value is ADMINISTRATOR.$g_set_configuration_thresholdThreshold for users to set the system configurations genericallyvia MantisBT web interface. The default value is ADMINISTRATOR.WarningUsers who have access to set configuration via the interface MUSTbe trusted. This is due to the fact that these users can leveragethe interface to inject PHP code into the system, which is apotential security risk.$g_csv_separatorThe separator to use for CSV exports. The default value is thecomma (,).$g_csv_injection_protectionWhen this setting is ON (default), any data that could beinterpreted as a formula by a spreadsheet program such as Excel(i.e. starting with =, @, - or +), will be prefixed with a tabcharacter (\t) in order to prevent CSV injection.Sometimes this may not be appropriate (e.g. if the CSV needs to beconsumed programmatically). In that case,$g_csv_injection_protection can be set to OFF, resulting in rawdata to be exported.WarningSetting this to OFF is a security risk. An attacker could upload acrafted CSV file containing formulas that will be executed whenopened with Excel, as described in this article.$g_view_bug_thresholdAccess level needed to view bugs.$g_update_bug_assign_thresholdAccess level needed to show the Assign To: button bug_view*_page orthe Assigned list in bug_update*_page. This allows control over whocan route bugs This defaults to $g_handle_bug_threshold.$g_private_bugnote_thresholdAccess level needed to view private bugnotes.$g_view_handler_thresholdAccess level needed to view handler.$g_view_history_thresholdAccess level needed to view history.$g_bug_reminder_thresholdAccess level needed to send a reminder from the bug view pages setto NOBODY to disable the feature.$g_upload_project_file_thresholdAccess level needed to upload files to the project documentationsection You can set this to NOBODY to prevent uploads to projects.$g_upload_bug_file_thresholdAccess level needed to upload files to attach to a bug You can setthis to NOBODY to prevent uploads to bugs but note that thereporter of the bug will still be able to upload unless you set$g_allow_reporter_upload or $g_allow_file_upload to OFF See also:$g_upload_project_file_threshold, $g_allow_file_upload,$g_allow_reporter_upload.$g_add_bugnote_thresholdAdd bugnote threshold.$g_update_bugnote_thresholdThreshold at which a user can edit the bugnotes of other users.$g_view_proj_doc_thresholdThreshold needed to view project documentation Note: setting thisto ANYBODY will let any user download attachments from privateprojects, regardless of their being a member of it.$g_manage_site_thresholdSite manager.$g_manage_project_thresholdThreshold needed to manage a project: edit project details (not toadd/delete projects) ...etc.$g_manage_news_thresholdThreshold needed to add/delete/modify news.$g_delete_project_thresholdThreshold required to delete a project.$g_create_project_thresholdThreshold needed to create a new project.$g_private_project_thresholdThreshold needed to be automatically included in private projects.$g_project_user_thresholdThreshold needed to manage user access to a project.$g_delete_bugnote_thresholdThreshold at which a user can delete the bugnotes of other users.The default value is equal to the configuration setting$g_delete_bug_threshold.$g_move_bug_thresholdMove bug threshold.$g_stored_query_use_thresholdThreshold needed to be able to use stored queries.$g_stored_query_create_thresholdThreshold needed to be able to create stored queries.$g_stored_query_create_shared_thresholdThreshold needed to be able to create shared stored queries.$g_update_readonly_bug_thresholdThreshold needed to update readonly bugs. Readonly bugs areidentified via $g_bug_readonly_status_threshold.$g_view_changelog_thresholdThreshold for viewing changelog.$g_roadmap_view_thresholdThreshold for viewing roadmap.$g_roadmap_update_thresholdThreshold for updating roadmap, target_version, etc.$g_update_bug_status_thresholdStatus change thresholds.$g_reopen_bug_thresholdAccess level needed to re-open bugs.$g_report_issues_for_unreleased_versions_thresholdAccess level needed to assign bugs to unreleased product versions.$g_set_bug_sticky_thresholdAccess level needed to set a bug sticky.$g_set_status_thresholdThis array sets the access thresholds needed to enter each statuslisted. if a status is not listed, it falls back to$g_update_bug_status_threshold.$g_allow_no_categoryAllow a bug to have no category.$g_limit_view_unless_thresholdThreshold at which a user can view all issues in the project (asallowed by other permissions). Not meeting this threshold means theuser can only see the issues they reported, are handling ormonitoring. A value of ANYBODY means that all users have fullvisibility (as default) This is a replacement for old option:$g_limit_reporters.$g_allow_reporter_uploadReporter can upload Allow reporters to upload attachments to bugsthey reported.$g_bug_count_hyperlink_prefixBug Count Linking This is the prefix to use when creating links tobug views from bug counts (eg. on the main page and the summarypage). Default is a temporary filter.$g_default_manage_tag_prefixDefault tag prefix used to filter the list of tags inmanage_tags_page.php. Change this to 'A' (or any other letter) ifyou have a lot of tags in the system and loading the manage tagspage takes a long time.$g_access_levels_enum_stringStatus from $g_status_index-1 to 79 are used for the onboardcustomization (if enabled) directly use MantisBT to edit them.$g_project_status_enum_stringTODO$g_project_view_state_enum_stringTODO$g_view_state_enum_stringTODO$g_priority_enum_stringTODO$g_severity_enum_stringTODO$g_reproducibility_enum_stringTODO$g_status_enum_stringTODO$g_resolution_enum_stringThe values in this list are also used to define variables in thelanguage files (e.g., $s_new_bug_title referenced inbug_change_status_page.php ). Embedded spaces are converted tounderscores (e.g., "working on" references$s_working_on_bug_title). They are also expected to be Englishnames for the states$g_projection_enum_stringTODO$g_eta_enum_stringTODO$g_sponsorship_enum_stringTODO$g_custom_field_type_enum_stringTODO$g_file_type_iconsMaps a file extension to a file type icon. These icons are printednext to project documents and bug attachments.$g_file_download_content_type_overridesContent types which will be overridden when downloading files.$g_status_icon_arrIcon associative arrays. Status to icon mapping.$g_sort_icon_arrSort direction to icon mapping.$g_rss_enabledThis flag enables or disables RSS syndication. In the case whereRSS syndication is not used, it is recommended to set it to OFF.$g_recently_visited_countThis controls whether to show the most recently visited issues bythe current user or not. If set to 0, this feature is disabled.Otherwise it is the maximum number of issues to keep in therecently visited list.$g_tag_separatorString that will separate tags as entered for input.$g_tag_view_thresholdAccess level required to view tags attached to a bug.$g_tag_attach_thresholdAccess level required to attach tags to a bug.$g_tag_detach_thresholdAccess level required to detach tags from a bug.$g_tag_detach_own_thresholdAccess level required to detach tags attached by the same user.$g_tag_create_thresholdAccess level required to create new tags.$g_tag_edit_thresholdAccess level required to edit tag names and descriptions.$g_tag_edit_own_thresholdAccess level required to edit descriptions by the creating user.$g_enable_profilesEnable Profiles.$g_add_profile_thresholdAdd profile threshold.$g_manage_global_profile_thresholdThreshold needed to be able to create and modify global profiles.$g_allow_freetext_in_profile_fieldsAllows the users to enter free text when reporting/updating issuesfor the profile related fields (i.e. platform, os, os build).$g_plugins_enabledEnable/disable plugins.$g_plugin_pathAbsolute path to plugin files.$g_manage_plugin_thresholdThreshold needed to manage plugins.$g_plugin_mime_typesA mapping of file extensions to mime types, used when servingresources from plugins.$g_plugins_force_installedForce installation and protection of certain plugins. Note thatthis is not the preferred method of installing plugins, whichshould generally be done directly through the plugin managementinterface. However, this method will prevent users with adminaccess from uninstalling plugins through the plugin managementinterface.Entries in the array must be in the form of a key/value pairconsisting of the plugin basename and priority.5.25. Cookies-------------$g_cookie_pathSpecifies the path under which a cookie is visible.All scripts in this directory and its sub-directories will be ableto access MantisBT cookies.Default value is '/'. It is recommended to set this to the actualMantisBT path.$g_cookie_domainThe domain that the MantisBT cookies are available to.$g_cookie_samesiteSpecifies the SameSite attribute to use for the MantisBT cookies.Valid values are Strict (default), Lax or None.$g_cookie_prefixPrefix for all MantisBT cookiesThis must be an identifier which does not include spaces orperiods, and should be unique per MantisBT installation, especiallyif $g_cookie_path is not restricting the cookies' scope to theactual MantisBT directory.It applies to the cookies listed below. Their actual names arecalculated by prepending the prefix, and it is not expected for theuser to need to change these.*$g_bug_list_cookie*$g_collapse_settings_cookieStores the open/closed state of the collapsible sections.*$g_logout_cookie*$g_manage_config_cookieStores the filter criteria for the Manage Config Report page.*$g_manage_users_cookieStores the filter criteria for the Manage Users page.*$g_project_cookie*$g_string_cookie*$g_view_all_cookie$g_string_cookieTODO$g_project_cookieTODO$g_view_all_cookieTODO$g_collapse_settings_cookieCollapse settings cookie. Stores the open/closed state of thecollapsible sections.$g_manage_users_cookieStores the filter criteria for the Manage User page$g_manage_config_cookieStores the filter criteria for the Manage Config Report page$g_logout_cookieTODO$g_bug_list_cookieTODO5.26. Speed Optimisation------------------------$g_compress_htmlThis option is used to enable buffering/compression of HTML outputif the user's browser supports it. Default value is ON. This optionwill be ignored in the following scenarios:*php.ini has zlib.output_compression enabled.*php.ini has output_handler set to a handler.*zlib extension is not enabled. The Windows version of PHP hasbuilt-in support for this extension.$g_use_persistent_connectionsUse persistent database connections, setting this to ON will openthe database once per connection, rather than once per page. Theremight be some scalability issues here and that is why it isdefaulted to OFF.5.27. Reminders---------------Sending reminders is a feature where a user can notify / remind otherusers about a bug. In the past, only selected users like the managers, ordevelopers would get notified about bugs. However, these people can notinvite other people (through MantisBT) to look at or monitor these bugs.This feature is useful if the Manager needs to get feedback from testers/ requirements team about a certain bug. It avoid needing this person todo this manual outside MantisBT. It also records the history of suchreminders.$g_store_remindersSpecifies if reminders should be stored as bugnotes. The bugnotewill still reflect that it is a reminder and list the names ofusers that got it. Default is ON.$g_reminder_recipients_monitor_bugSpecifies if users who receive reminders about a bug, should beautomatically added to the monitor list of that bug. Default is ON.$g_mentions_enabledEnables or disables the @ mentions feature. Default is ON. When auser is @ mentioned in an issue or a note, they receive an emailnotification to get their attention. Users can be @ mentioned usingtheir username and not realname.This feature works with fields like summary, description,additional info, steps to reproduce and notes.$g_mentions_tagThe tag to use for prefixing mentions. Default is '@'.5.28. Bug History-----------------Bug history is a feature where MantisBT tracks all modifications that aremade to bugs. These include everything starting from its creation, tillit is closed. For each change, the bug history will record the timestamp, user who made the change, field that changed, old value, and newvalue.Independent of the these settings, MantisBT will always track the changesto a bug and add them to its history.$g_history_default_visibleMake the bug history visible by default. If this option is notenabled, then the user will have to click on the Bug History linkto see the bug history. Default is ON.$g_history_orderShow bug history entries in ascending or descending order. Defaultvalue is 'ASC'.In this context, MantisBT records individual changes to text fields (Description,Steps to Reproduce, Additional Information as well as Bug Notes). Theserevisions are controlled by the following settings.$g_bug_revision_view_thresholdAccess level required to view bug history revisions. Defaults toDEVELOPER.NoteUsers can always see revisions for the issues and bugnotes theyreported.$g_bug_revision_drop_thresholdAccess level required to drop bug history revisions. Defaults toMANAGER.5.29. Sponsorship-----------------$g_enable_sponsorshipenable/disable the whole issue sponsorship feature. The default osOFF.$g_sponsorship_currencyThe currency string used for all sponsorships. The default is'US$'.$g_minimum_sponsorship_amountThe minimum sponsorship amount that can be entered. If the userenters a value less than this, an error will be flagged. Thedefault is 5.$g_view_sponsorship_total_thresholdThe access level threshold needed to view the total sponsorship foran issue by all users. The default is VIEWER.$g_view_sponsorship_details_thresholdThe access level threshold needed to view the details of thesponsorship (i.e., who will donate what) for an issue by all users.The default is VIEWER.$g_sponsor_thresholdThe access level threshold needed to allow user to sponsor issues.The default is REPORTER. Note that sponsoring user must have theiremail set in their profile.$g_handle_sponsored_bugs_thresholdThe access level required to be able to handle sponsored issues.The default is DEVELOPER.$g_assign_sponsored_bugs_thresholdThe access level required to be able to assign a sponsored issue toa user with access level greater or equal to'handle_sponsored_bugs_threshold'. The default is MANAGER.5.30. Custom Fields-------------------$g_manage_custom_fields_thresholdAccess level needed to manage custom fields. The default isADMINISTRATOR.$g_custom_field_link_thresholdAccess level needed to link a custom field to a project. Thedefault is MANAGER.$g_custom_field_edit_after_createThis flag determines whether to start editing a custom fieldimmediately after creating it, or return to the definition list.The default is ON (edit the custom field after creating).5.31. My View Settings----------------------$g_my_view_boxesThis is an array of values defining the order that the boxes to beshown. A box that is not to be shown can have its value set to 0.The default is:$g_my_view_boxes = array('assigned' => '1','unassigned' => '2','reported' => '3','resolved' => '4','recent_mod' => '5','monitored' => '6','feedback' => '0','verify' => '0','my_comments' => '0');If you want to change the definition, copy the default value andapply the changes.$g_my_view_bug_countNumber of bugs shown in each box. The default is 10.$g_default_home_pageDefault page to transfer to after Login or Set Project. The defaultis 'my_view_page.php'. An alternative would be'view_all_bugs_page.php' or 'main_page.php'.$g_logout_redirect_pageSpecify where the user should be sent after logging out.5.32. Relationship Graphs-------------------------MantisBT can display a graphical representation of the relationshipsbetween issues. Two types of interactive visualizations are available,dependencies and a full relationships graph.ImportantThis feature relies on the external dot and neato tools from the GraphVizlibrary, which must be installed separately.Most Linux distributions have a GraphViz package available for easydownload and install.Under Windows, the software needs to be installed manually. The followingpost-installation steps may be required for proper operations:*Update the system PATH to point to GraphViz's bin directory*Initialize the graph engine by running dot -c from an Administratorcommand prompt.$g_relationship_graph_enableThis enables the relationship graphs feature where issues arerepresented by nodes and relationships as links between such nodes.Possible values are ON or OFF. Default is OFF.$g_relationship_graph_fontnameFont name and size, as required by Graphviz. If Graphviz fails torun for you, you are probably using a font name that gd PHPextension can't find. On Linux, try the name of the font filewithout the extension. The default value is 'Arial'.$g_relationship_graph_fontsizeFont size, default is 8.$g_relationship_graph_orientationDefault dependency orientation. If you have issues with lots ofchildren or parents, leave as 'horizontal', otherwise, if you havelots of "chained" issue dependencies, change to 'vertical'. Defaultis 'horizontal'.$g_relationship_graph_max_depthMax depth for relation graphs. This only affects relationshipgraphs, dependency graphs are drawn to the full depth. The defaultvalue is 2.$g_relationship_graph_view_on_clickIf set to ON, clicking on an issue on the relationship graph willopen the bug view page for that issue, otherwise, will navigate tothe relationship graph for that issue.$g_dot_toolThe full path for the dot tool. The webserver must have executepermission to this program in order to generate relationshipgraphs. This configuration option is not relevant for Windows. Thedefault value is '/usr/bin/dot'.$g_neato_toolThe full path for the neato tool. The webserver must have executepermission to this program in order to generate relationshipgraphs. This configuration option is not relevant for Windows. Thedefault value is '/usr/bin/neato'.$g_backward_year_countNumber of years in the past that custom date fields will display indrop down boxes.$g_forward_year_countNumber of years in the future that custom date fields will displayin drop down boxes.$g_custom_group_actionsThis extensibility model allows developing new group customactions. This can be implemented with a totally custom form andaction pages or with a pre-implemented form and action page andcall-outs to some functions. These functions are to be implementedin a predefined file whose name is based on the action name. Forexample, for an action to add a note, the action would beEXT_ADD_NOTE and the file implementing it would bebug_actiongroup_add_note_inc.php. See implementation of this filefor details.5.33. Wiki Integration----------------------$g_wiki_enableSet to ON to enable Wiki integration. Defaults to OFF.$g_wiki_engineThe following Wiki Engine values are supported:*dokuwiki: DokuWiki*mediawiki: MediaWiki*twiki: TWiki*wackowiki: WackoWiki*wikka: WikkaWiki*xwiki: XWiki$g_wiki_root_namespaceWiki namespace to be used as root for all pages relating to thisMantisBT installation.$g_wiki_engine_urlURL under which the wiki engine is hosted.Must be on the same server as MantisBT, requires a trailing '/'.If left empty (default), the URL is derived from the globalMantisBT path ($g_path, see Section 5.3, “Path”), replacing theURL's path component by the wiki engine string (i.e. if $g_path ='http://example.com/mantis/' and $g_wiki_engine = 'dokuwiki', thewiki URL will be 'http://example.com/dokuwiki/').5.34. Sub-Projects------------------$g_subprojects_enabledWhether sub-projects feature should be enabled. Before turning thisflag OFF, make sure all sub-projects are moved to top levelprojects, otherwise they won't be accessible. The default value isON.$g_subprojects_inherit_versionsWhether sub-projects should inherit versions from parent projects.For project X which is a sub-project of A and B, it will haveversions from X, A and B. The default value is ON.$g_subprojects_inherit_categoriesWhether sub-projects should inherit categories from parentprojects. For project X which is a sub-project of A and B, it willhave categories from X, A and B. The default value is ON.5.35. Field Visibility----------------------$g_enable_etaEnable or disable usage of 'ETA' field. Default value is OFF.$g_enable_projectionEnable or disable usage of 'Projection' field. Default value isOFF.$g_enable_product_buildEnable or disable usage of 'Product Build' field. Default is OFF.$g_bug_report_page_fieldsAn array of optional fields to show on the bug report page.The following optional fields are allowed: additional_info,attachments, category_id, due_date, eta, handler, monitors, os,os_build, platform, priority, product_build, product_version,reproducibility, resolution, severity, status, steps_to_reproduce,tags, target_version, view_state.The summary and description fields are always shown and do not needto be listed in this option. Fields not listed above cannot beshown on the bug report page. Visibility of custom fields ishandled via the Manage => Custom Fields administrator page.Note that monitors is not an actual field; adding it to the listwill let authorized reporters (see monitor_add_others_bug_thresholdin Section 5.24, “Misc”) select users to add to the issue'smonitoring list. Monitors will only be notified of the submissionif both their e-mail preferencess and the notify_flagsconfiguration (see Section 5.8, “Email”) allows it, i.e.$g_notify_flags['new']['monitor'] = ON;This setting can be set on a per-project basis by using the Manage=> Configuration administrator page.$g_bug_view_page_fieldsAn array of optional fields to show on the issue view page andother pages that include issue details.The following optional fields are allowed: additional_info,attachments, category_id, date_submitted, description, due_date,eta, fixed_in_version, handler, id, last_updated, os, os_build,platform, priority, product_build, product_version, project,projection, reporter, reproducibility, resolution, severity,status, steps_to_reproduce, summary, tags, target_version,view_state.Fields not listed above cannot be shown on the bug view page.Visibility of custom fields is handled via the Manage => CustomFields administrator page.This setting can be set on a per-project basis by using the Manage=> Configuration administrator page.$g_bug_update_page_fieldsAn array of optional fields to show on the bug update page.The following optional fields are allowed: additional_info,category_id, date_submitted, description, due_date, eta,fixed_in_version, handler, id, last_updated, os, os_build,platform, priority, product_build, product_version, project,projection, reporter, reproducibility, resolution, severity,status, steps_to_reproduce, summary, target_version, view_state.Fields not listed above cannot be shown on the bug update page.Visibility of custom fields is handled via the Manage => CustomFields administrator page.This setting can be set on a per-project basis by using the Manage=> Configuration administrator page.5.36. System Logging and Debugging----------------------------------This section describes settings which can be used to troubleshootMantisBT operations as well as assist during development.$g_show_timerTime page loads. The page execution timer shows at the bottom ofeach page.Default is OFF.$g_show_memory_usageShow memory usage for each page load in the footer.Default is OFF.$g_debug_emailUsed for debugging e-mail notifications. When it is '', the emailsare sent normally. If set to an e-mail address, all messages aresent to it, with the original recipients (To, Cc, Bcc) included inthe message body.Default is ''.$g_show_queries_countShows the total number/unique number of queries executed to servethe page.Default is OFF.$g_display_errorsErrors Display Method. Defines what errors are displayed and how.Available options are:DISPLAY_ERROR_HALTStop and display the error message (including variables andbacktrace if $g_show_detailed_errors is ON).DISPLAY_ERROR_INLINEDisplay a one line error and continue execution.DISPLAY_ERROR_NONESuppress the error (no display). This is the default behaviorfor unspecified errors constants.The default settings are recommended for use in production, andwill only display MantisBT fatal errors, suppressing output of allother error types.Recommended config_inc.php settings for developers:$g_display_errors = array(E_WARNING => DISPLAY_ERROR_HALT,E_ALL => DISPLAY_ERROR_INLINE,);NoteThe system automatically sets $g_display_errors to the aboverecommended development values when the server's name is localhost.Less intrusive settings, recommended for testing purposes:$g_display_errors = array(E_USER_WARNING => DISPLAY_ERROR_INLINE,E_WARNING => DISPLAY_ERROR_INLINE,);NoteE_USER_ERROR, E_RECOVERABLE_ERROR and E_ERROR will always be set toDISPLAY_ERROR_HALT internally, regardless of the actual configuredvalue. This ensures that program execution stops, to preventpotential integrity issues and/or MantisBT from functioningincorrectly.$g_show_detailed_errorsShows a list of variables and their values whenever an error istriggered. Only applies to error types configured toDISPLAY_ERROR_HALT in $g_display_errors.Default is OFF.WarningSetting this to ON is a potential security hazard, as it can exposesensitive information. Only enable this setting for debuggingpurposes when you really need it.$g_stop_on_errorsDebug messages. If this option is turned OFF, page redirects willfunction if a non-fatal error occurs. For debugging purposes, youcan set this to ON so that any non-fatal error will prevent pageredirection, allowing you to see the errors.Default is OFF.NoteThis should only be turned on when debugging.$g_log_levelThe system logging interface is used to extract detailed debugginginformation for the MantisBT system. It can also serve as an audittrail for users' actions.This controls the type of logging information recorded. Refer to$g_log_destination for details on where to save the logs.The available log channels are:LOG_NONEDisable loggingLOG_AJAXlogs AJAX eventsLOG_DATABASElogs database events and executed SQL queriesLOG_EMAILlogs issue id, message type and recipients for all emailssentLOG_EMAIL_VERBOSEEnables extra logging for troubleshooting internals of emailqueuing and sending.LOG_EMAIL_RECIPIENTlogs the details of email recipient determination. Each userid is listed as well as why they are added, or deleted fromthe recipient listLOG_FILTERINGlogs filter operationsLOG_LDAPlogs the details of LDAP operationsLOG_WEBSERVICElogs the details of Web Services operations (e.g. SOAP API)LOG_PLUGINEnables logging from plugins.LOG_ALLcombines all of the above log levelsDefault is LOG_NONE.NoteMultiple log channels can be combined using PHP bitwise operators ,e.g.$g_log_level = LOG_EMAIL | LOG_EMAIL_RECIPIENT;or$g_log_level = LOG_ALL & ~LOG_DATABASE;$g_log_destinationSpecifies where the log data goes. The following five options areavailable:''The empty string means default PHP error log settings'none'Don't output the logs, but would still trigger EVENT_LOGplugin event.'file'Log to a specific file, specified as an absolute path, e.g.'file:/var/log/mantis.log' (Unix) or'file:c:/temp/mantisbt.log' (Windows)NoteThis file must be writable by the web server runningMantisBT.'page'Display log output at bottom of the page. See also$g_show_log_threshold to restrict who can see log data.Default is '' (empty string).$g_show_log_thresholdIndicates the access level required for a user to see the logoutput (if $g_log_destination is 'page').Default is ADMINISTRATOR.NoteThis threshold is compared against the user's global access levelrather than the one from the currently active project.5.37. Time Tracking-------------------$g_time_tracking_enabledTurns Time Tracking features ON or OFF - Default is OFF$g_time_tracking_without_noteAllow time tracking to be recorded without writing some text in theassociated bugnote - Default is ON$g_time_tracking_with_billingAdds calculation links to workout how much time has been spentbetween a particular time frame. Currently it will allow you toenter a cost/hour and will work out some billing information. Thiswill become more extensive in the future. Currently it is more of aproof of concept.$g_time_tracking_billing_rateDefault billing rate per hour - Default is 0$g_time_tracking_stopwatchInstead of a text field turning this option on places a stopwatchon the page with Start/Stop and Reset buttons next to it. A bitgimmicky, but who cares.$g_time_tracking_view_thresholdAccess level required to view time tracking information - DefaultDEVELOPER.$g_time_tracking_edit_thresholdAccess level required to add/edit time tracking information (If yougive a user $g_time_tracking_edit_threshold you must give them$g_time_tracking_view_threshold as well) - Default DEVELOPER.$g_time_tracking_reporting_thresholdAccess level required to run reports (not completed yet) - DefaultMANAGER.5.38. API---------MantisBT exposes a webservice API which allows remote clients to interactwith MantisBT and perform many of the usual tasks, such as reportingissues, running filtered searches and retrieving attachments.The SOAP API is enabled by default and available at/api/soap/mantisconnect.php below the MantisBT root. A WSDL file whichdescribes the web service is available at/api/soap/mantisconnect.php?wsdl below the MantisBT root.The REST API is enabled by default. A Swagger sandbox and documentationfor REST API is available at /api/rest/swagger/ below the MantisBT root.The following options are used to control the behaviour of the MantisBTSOAP API:$g_webservice_rest_enabledWhether the REST API is enabled or not. Note that this flag onlyimpacts API Token based auth. Hence, even if the API is disabled,it can still be used from the Web UI using cookie basedauthentication. Default ON.$g_webservice_readonly_access_level_thresholdMinimum global access level required to access webservice forreadonly operations.$g_webservice_readwrite_access_level_thresholdMinimum global access level required to access webservice forread/write operations.$g_webservice_admin_access_level_thresholdMinimum global access level required to access the administratorwebservices.$g_webservice_specify_reporter_on_add_access_level_thresholdMinimum project access level required for caller to be able tospecify reporter when adding issues or issue notes. Defaults toDEVELOPER.$g_webservice_priority_enum_default_when_not_foundThe following enum id is used when the webservices get enum labelsthat are not defined in the associated MantisBT installation. Inthis case, the enum id is set to the value specified by thecorresponding configuration option.$g_webservice_severity_enum_default_when_not_foundThe following enum id is used when the webservices get enum labelsthat are not defined in the associated MantisBT installation. Inthis case, the enum id is set to the value specified by thecorresponding configuration option.$g_webservice_status_enum_default_when_not_foundThe following enum id is used when the webservices get enum labelsthat are not defined in the associated MantisBT installation. Inthis case, the enum id is set to the value specified by thecorresponding configuration option.$g_webservice_resolution_enum_default_when_not_foundThe following enum id is used when the webservices get enum labelsthat are not defined in the associated MantisBT installation. Inthis case, the enum id is set to the value specified by thecorresponding configuration option.$g_webservice_projection_enum_default_when_not_foundThe following enum id is used when the webservices get enum labelsthat are not defined in the associated MantisBT installation. Inthis case, the enum id is set to the value specified by thecorresponding configuration option.$g_webservice_eta_enum_default_when_not_foundThe following enum id is used when the webservices get enum labelsthat are not defined in the associated MantisBT installation. Inthis case, the enum id is set to the value specified by thecorresponding configuration option.$g_webservice_error_when_version_not_foundIf ON and the supplied version is not found, then a SoapExceptionwill be raised.$g_webservice_version_when_not_foundDefault version to be used if the specified version is not foundand $g_webservice_error_when_version_not_found == OFF. (at themoment this value does not depend on the project).5.38.1. Disabling the webservice APIIf you wish to temporarily disable the webservice API it is sufficient toset the specific access thresholds to NOBODY:$g_webservice_readonly_access_level_threshold =$g_webservice_readwrite_access_level_threshold =$g_webservice_admin_access_level_threshold = NOBODY;While the SOAP API will still be accessible, it will not allow users toretrieve or modify data.5.39. Anti-Spam Configuration-----------------------------$g_antispam_max_event_countMax number of events to allow for users with default access level(see $g_default_new_account_access_level) when signup is enabled.Use 0 for no limit. Default is 10.$g_antispam_time_window_in_secondsTime window to enforce max events within. Default is 3600 seconds(1 hour).5.40. Due Date--------------$g_due_date_update_thresholdThreshold to update due date submitted. Default is NOBODY.$g_due_date_view_thresholdThreshold to see due date. Default is NOBODY.$g_due_date_defaultDefault due date value for newly submitted issues. A valid relativedate format e.g. today or +2 days, or empty string for no due dateset (default).$g_due_date_warning_levelsDue date warning levels. A variable number of Levels (defined as anumber of seconds going backwards from the current timestamp,compared to an issue's due date) can be defined. Levels must bedefined in ascending order.*The first entry (array key 0) defines Overdue. Normally and bydefault, its value is 0, meaning that issues will be markedoverdue as soon as their due date has passed. However, it isalso possible to set it to a higher value to flag overdueissues earlier, or even use a negative value to allow a "graceperiod" after due date.*Array keys 1 and 2 offer two levels of Due soon: orange andgreen. By default, only the first one is set, to 7 days.Out of the box, MantisBT allows for 3 warning levels. Additionalones may be defined, but in that case new due-N CSS rules (where Nis the array's index) must be created otherwise the extra levelswill not be highlighted in the UI.5.41. User Management---------------------$g_impersonate_user_thresholdThe threshold for a user to be able to impersonate another user, orNOBODY to disable impersonation. Default ADMINISTRATOR.$g_manage_user_thresholdThe threshold for a user to manage user accounts. DefaultADMINISTRATOR.5.42. View Page Settings------------------------$g_issue_activity_note_attachments_seconds_thresholdIf a user submits a note with an attachments (with the specified #of seconds) the attachment is linked to the note. Or 0 fordisabling this feature.5.43. Issues visibility-----------------------By default, all issues are visible to any user within a project. To limitthe visibility of issues there are several mechanisms.5.43.1. Public/Private view statusA view status flag can be set, for an issue, to be either public orprivate. Private issues are accesible by the user who created it, and bythose users that meet a threshold defined in $g_private_bug_threshold.Refer to the following configuration options related to issue view statusconfigurations:$g_private_bug_thresholdThe threshold for a user to be able to view any private issuewithin a project.$g_set_view_status_thresholdThe threshold for a user to be able to set an issue toPrivate/Public.$g_change_view_status_thresholdThe threshold for a user to be able to update the view status whileupdating an issue.5.43.2. Limited view configurationThe $g_limit_view_unless_threshold option allows the administrator toconfigure access limitations for users, letting them view only thoseissues that they are involved with, i.e. if:*They reported the issue,*It is assigned to them,*Or they are monitoring the issue.This configuration option can be set individually for each project. Itdefaults to ANYBODY, effectively disabling the limitation (i.e. users cansee all issues).The value for this option is an access level threshold, so that thoseusers that meet that threshold have an unrestricted view of any issue inthe project. A user that doesn't meet this threshold, will have arestricted view of only those issues in the conditions previouslydescribed.Note that this visibility does not override other restrictions as privateissues or pivate projects user assignments.5.43.3. "Limit reporters" configuration (deprecated)When the option $g_limit_reporters is enabled, users that are reportersin a project, or lower access level, are only allowed to see the issuesthey reported. Issues reported by other users are not accessible by them.This option is only supported for ALL_PROJECTS, this means that it's aglobal setting that affects all projectsNote that the definition of reporter in this context is the actual accesslevel for which a user is able to report issues, and is determined by$g_report_bug_threshold. Additionally, that threshold can have differentvalues in each project. Being dependant on that threshold, the behaviourof this option is not well defined when the reporting threshold isconfigured as discrete values with gaps, instead of a simple threshold.In that scenario, the visibilty is determined by the minimum access levelcontained in the $g_report_bug_threshold access levels array.NoteThis option option is deprecated in favour of$g_limit_view_unless_threshold. The new option will be available bydefault on new installations, or after disabling $g_limit_reporters ifenabled in an existing instance.Chapter 6. Page descriptions============================6.1. Login page---------------Just enter your username and password and hit the login button. There isalso a Save Login checkbox to have the package remember that you arelogged in between browser sessions. You will have to have cookies enabledto login.If the account doesn't exist, the account is disabled, or thepassword is incorrect then you will remain at the login page. An errormessage will be displayed.The administrator may allow users to sign upfor their own accounts. If so, a link to Signup for your own account willbe available.The administrator may also have anonymous login allowed.Anonymous users will be logged in under a common account.You will beallowed to select a project to work in after logging in. You can make aproject your default selection from the Select Project screen or fromyour Account Options.SignupHere you can signup for a new account. Youmust supply a valid email address and select a unique username. Yourrandomly generated password will be emailed to your email account. IfMantisBT is setup so that the email password is not to be emailed, newlygenerated accounts will have an empty password.6.2. Main page--------------This is the first page you see upon logging in. It shows you the latestnews updates for the bugtracker. This is a simple news module (based offof work by Scott Roberts) and is to keep users abreast of changes in thebugtracker or project. Some news postings are specific to projects andothers are global across the entire bugtracker. This is set at the timeof posting in the Edit News section.The number of news posts iscontrolled by a global variable. When the number of posts is more thanthe limit, a link to show "older news" is displayed at the bottom.Similarly a "newer news" is displayed when you have clicked on "oldernews".There is an Archives option at the bottom of the page to view alllistings.ArchivesA title/date/poster listing of ALL past news articleswill be listed here. Clicking on the link will bring up the specifiedarticle. This listing will also only display items that are either globalor specific to the selected project.6.3. View Issues page---------------------Here we can view the issue listings. The page has a set of viewingfilters at the top and the issues are listed below.FiltersThe filterscontrol the behavior of the issues list. The filters are saved betweenbrowsing sessions but do not currently save sort order or direction.Ifthe number of issues exceeds the "Show" count in the filter a set ofnavigation to go to "First", "Last", "Previous", "Next" and specific pagenumbers are added.The Search field will look for simple keyword matchesin the summary, description, steps to reproduce, additional information,issue id, or issue text id fields. It does not search through issuenotes. Issue List - The issues are listed in a table and the attributesare listed in the following order: priority, id, number of issue notes,category, severity, status, last updated, and summary. Each (except fornumber of issue notes) can be clicked on to sort by that column. Clickingagain will reverse the direction of the sort. The default is to sort bylast modification time, where the last modified issue appears at the top.The issue id is a link that leads to a more detailed report about theissue. You can also add issue notes here. The number in the issue notecount column will be bold if an issue note has been added in thespecified time frame. The addition of an issue note will make the issuenote link of the issue appear in the unvisited state. The text in the"Severity" column will be bold if the severity is major, crash, or blockand the issue not resolved. The text in the "Updated" column will be boldif the issue has changed in the last "Changed(hrs)" field which isspecified in the viewing filters. Each table row is color coded accordingto the issue status. The colors can be customised through MantisBTconfiguration pages (see Chapter 5, Configuration for details).Severities block - prevents further work/progress from being made crash -crashes the application or blocking, major - major issue, minor - minorissue, tweak - needs tweaking, text - error in the text, trivial - beingnit picky, feature - requesting new feature - Status new - new issue,feedback - issue requires more information from reporter, acknowledged -issue has been looked at but not confirmed or assigned, confirmed -confirmed and reproducible (typically set by an Updater or otherDeveloper), assigned - assigned to a Developer, resolved - issue shouldbe fixed, waiting on confirmation of fix, closed - issue is closed,Moving the mouse over the status text will show the resolution as atitle. This is rendered by some browsers as a bubble and in others as astatus line text.6.4. Issue View page--------------------Here is the simple listing of the issue report. Most of the fields areself-explanatory. "Assigned To" will contain the developer assigned tohandle the issue. Priority is fully functional but currently does nothingof importance. Duplicate ID is used when an issue is a duplicate ofanother. It links to the duplicate issue which allows users to read up onthe original issue report. Below the issue report is a set of buttonsthat a user can select to work on the issue.*Update Issue - brings up a page to edit all aspects of the issue*Assign to - in conjunction with the dropdown list next top thebutton, this is a shortcut to change the assignment of an issue*Change Status to - in conjunction with the dropdown list next top thebutton, this is a shortcut to change the status of an issue. Anotherpage (Change Status) will be presented to allow the user to add notesor change relevant information*Monitor / Unmonitor Issue - allows the user to monitor any additionsto the issue by email*Create Clone - create a copy of the current issue. This presents theuser with a new issue reporting form with all of the information inthe current issue filled in. Upon submission, a new issue, related tothe current issue, will be created.*Reopen Issue - Allows the user to re-open a resolved issue*Move Issue - allows the user to move the issue to another project*Delete Issue - Allows the user to delete the issue permanently. It isrecommended against deleting issues unless the entry is frivolous.Instead issues should be set to resolved and an appropriateresolution category chosen.A panel is provided to view and update the sponsorship of anissue.Another panel is provided to view, delete and add relationships foran issue. Issues can have a parent/child relationship, where the user iswarned about resolving a parent issue before all of the children areresolved. A peer relationship is also possible.Below this, there may be aform for uploading file attachments. The Administrator needs to configurethe bugtracker to handle file uploads. If uploading to disk is selected,each project needs to set its own upload path. Issue notes are shown atthe bottom of the issue report. A panel to add issue notes is also shown.6.5. Issue Change Status page-----------------------------This page is used to change the status of an issue. A user can add anissue note to describe the reason for change.In addition, the followingfields may be displayed for update:*Resolution and Duplicate ID - for issues being resolved or closed*Issue Handler (Assigned to)*any Custom Fields that are to be visible on update or resolution*Fixed in Version - for issues being resolved*Close Immediately - to immediately close a resolved issue6.6. Issue Edit page--------------------The layout of this page resembles the Simple Issue View page, but hereyou can update various issue fields. The Reporter, Category, Severity,and Reproducibility fields are editable but shouldn't be unless there isa gross mis-categorization.Also modifiable are the Assigned To, Priority,Projection, ETA, Resolution, and Duplicate ID fields.As per version0.18.0, the user can also add an issue note as part of an issue update.6.7. My Account Page--------------------This page changes user alterable parameters for the system. Theseselections are user specific. This allows the user to change theirpassword, username, real name and email address. It also reports theuser's access levels on the current project and default access level usedfor public projects.6.7.1. PreferencesThis sets the following information:*Default project*whether the pages used for reporting, viewing, and updating are thesimple or advanced views*the delay in minutes between refreshes of the view all issues page*the delay in seconds when redirecting from a confirmation page to thedisplay page*the time order in which notes will be sorted*whether to filter email messages based on type of message andseverity*the number of notes to append to notification emails*the default language for the system. The additional setting of "auto"will use the browser's default language for the system.6.7.2. ProfilesProfiles are shortcuts to define the values for Platform, OS, andversion. This page allows you to define and edit personal shortcuts.6.7.3. Manage ColumnsProvides the ability to select the fields to be displayed in View Issues,Print Issues, CSV and Excel exports. The changes apply to the currentlyselected projects or All Projects for setting the defaults. It is alsopossible to copy such settings from/to other projects.6.7.4. API TokensProvides the ability to generate and revoke tokens that can be used byapplications and services to access MantisBT via its APIs. This page alsoprovides information about the creation and last used timestamps for suchtokens.6.8. System Management Pages----------------------------A number of pages exist under the "Manage" link. These will only bevisible to those who have an appropriate access level.6.8.1. UsersThis page allow an administrator to manage the users in the system.Itessentially supplies a list of users defined in the system. The usernames are linked to a page where you can change the user's name, accesslevel, and projects to which they are assigned. You can also reset theirpasswords through this page.At the top, there is also a list of new users(who have created an account in the last week), and accounts where theuser has yet to log in.New users are created using the "Create User" linkabove the list of existing users. Note that the username must be uniquein the system. Further, note that the user's real name (as displayed onthe screen) cannot match another user's user name.6.8.2. Manage Projects PageThis page allows the user to manage the projects listed in thesystem.Each project is listed along with a link to manage that specificproject. The specific project pages allow the user to change:*the project name*the project description*its status*whether the project is public or private. Private projects are onlyvisible to users who are assigned to it or users who have the accesslevel to automatically have access to private projects (eg:administrators).*file directory used to store attachments for issues and documentsassociated with the project. This folder is located on the webserver,it can be absolute path or path relative to the main MantisBT folder.Note that this is only used if the files are stored on disk.*common subprojects. These are other projects who can be considered asub-project of this one. They can be shared amongst multipleprojects. For example, a "documentation" project may be sharedamongst several development projects.*project categories. These are used to sub-divide the issues stored inthe system.*project versions. These are used to create ChangeLog reports and canbe used to filter issues. They are used for both the Found In andFixed In versions.*Custom Fields linked to this project*Users linked to this project. Here is the place where a user's accesslevel may be upgraded or downgraded depending on their particularrole in the project.6.8.3. Manage Custom FieldsThis page is the base point for managing custom fields. It lists thecustom fields defined in the system. There is also a place to enter a newfield name to create a new field.The "Edit" links take you to a page where you can define the details of acustom field. These include it's name, type, value, and displayinformation. On the edit page, the following information is defined tocontrol the custom field:*name*type*Value constraints (Possible values, default value, regularexpression, minimum length, maximum length).*Access (who can read and write the field based on their accesslevel).*Display control (where the field will show up and must be filled inAll fields are compared in length to be greater than or equal to theminimum length, and less than or equal to the minimum length, unlessthese values are 0 in which case the check is skipped. All fields arealso compared against the regular expression; if the value matches, thenit is valid. For example, the expression ^-?([0-9])*$ can be used toconstrain an integer.Please refer to Section 7.2, “Custom Fields” for further details aboutCustom Fields and all the above-mentioned properties.6.8.4. Global ProfilesThis page allows the definition of global profiles accessible to allusers of the system. It is similar to the user definition of a profileconsisting of Platform, OS and Version.6.8.5. ConfigurationThis set of pages control the configuration of the MantisBT system. Notethat the configuration items displayed may be on a project by projectbasis.These pages serve two purposes. First, they will display thesettings for the particular aspects of the system. If authorized, theywill allow a user to change the parameters. They also have settings forwhat access level is required to change these settings ON A PROJECTbasis. In general, this should be left alone, but administrators may wantto delegate some of these settings to managers.6.8.5.1. Workflow ThresholdsThis page covers the adjustment of the settings for many of the workflowrelated parameters. For most of these, the fields are self explanatoryand relate to a similarly named setting in the configuration file. At theright of each row is a selector that allows the administrator to lowerthe access level required to change the particular parameter.The valueschangeable on this page are:Issues.TitleVariableDescriptionReport an Issue$g_report_bug_thresholdthreshold to report an issueStatus to which a new issue is set$g_bug_submit_statusstatus issue is set to when submittedUpdate an Issue$g_update_bug_thresholdthreshold to update an issueAllow Reporter to close an issue$g_allow_reporter_closeallow reporter to close issues they reportedMonitor an issue$g_monitor_bug_thresholdthreshold to monitor an issueHandle Issue$g_handle_bug_thresholdthreshold to handle (be assigned) an issueAssign Issue$g_update_bug_assign_thresholdthreshold to be in the assign to listMove Issue$g_move_bug_thresholdthreshold to move an issue to another project. This setting is for allprojects.Delete Issue$g_delete_bug_thresholdthreshold to delete an issueReopen Issue$g_reopen_bug_thresholdthreshold to reopen an issueAllow reporter to reopen Issue$g_allow_reporter_reopenallow reporter to reopen issues they reportedStatus to which a reopened Issue is set$g_bug_reopen_statusstatus issue is set to when reopenedResolution to which a reopened Issue is set$g_bug_reopen_resolutionresolution issue is set to when reopenedStatus where an issue is considered resolved$g_bug_resolved_status_thresholdstatus where bug is resolvedStatus where an issue becomes read-only$g_bug_readonly_status_thresholdstatus where bug is read-only (see update_readonly_bug_threshold)Update readonly issue$g_update_readonly_bug_thresholdthreshold to update an issue marked as read-onlyUpdate Issue Status$g_update_bug_status_thresholdthreshold to update an issue's statusView Private Issues$g_private_bug_thresholdthreshold to view a private issueSet View Status$g_set_view_status_thresholdthreshold to set an issue to Private/PublicUpdate View Status$g_change_view_status_thresholdthreshold needed to update the view status while updating an issue or anissue noteShow list of users monitoring issue$g_show_monitor_list_thresholdthreshold to see who is monitoring an issueAdd monitors to an issue$g_monitor_add_others_bug_thresholdthreshold to add users to the list of users monitoring an issueRemove monitors from an issue$g_monitor_delete_others_bug_thresholdthreshold to remove users from the list of users monitoring an issueSet status on assignment of handler$g_auto_set_status_to_assignedchange status when an issue is assignedStatus to set auto-assigned issues to$g_bug_assigned_statusstatus to use when an issue is auto-assignedLimit reporter's access to their own issues (deprecated option)$g_limit_reportersreporters can see only issues they reported. This setting is for allprojects.Limit access only to those issues reported, handled, or monitored by theuser$g_limit_view_unless_thresholdthreshold that, if not met, hides other users' issues.Notes.TitleVariableDescriptionAdd Notes$g_add_bugnote_thresholdthreshold to add an issue noteUpdate Others' Notes$g_update_bugnote_thresholdthreshold at which a user can edit issue notes created by other usersUpdate Own Notes$g_bugnote_user_edit_thresholdthreshold at which a user can edit issue notes created by themselvesDelete Others' Notes$g_delete_bugnote_thresholdthreshold at which a user can delete issue notes created by other usersDelete Own Notes$g_bugnote_user_delete_thresholdthreshold at which a user can delete issue notes created by themselvesView private notes$g_private_bugnote_thresholdthreshold to view a private issue noteChange view state of own notes$g_bugnote_user_change_view_state_thresholdthreshold at which a user can change the view state of issue notescreated by themselvesOthers.TitleVariableDescriptionView Change Log$g_view_changelog_thresholdthreshold to view the changelogView Roadmap$g_roadmap_view_thresholdthreshold to view the roadmapView Summary$g_view_summary_thresholdthreshold to view the summaryView Assigned To$g_view_handler_thresholdthreshold to see who is handling an issueView Issue History$g_view_history_thresholdthreshold to view the issue historySend Reminders$g_bug_reminder_thresholdthreshold to send a reminder6.8.5.2. Workflow TransitionsThis page covers the status workflow. For most of these, the fields areself explanatory and relate to a similarly named setting in theconfiguration file. At the right of each row is a selector that allowsthe administrator to lower the access level required to change theparticular parameter.The values changeable on this page are:Table 6.1. IssuesTitleVariableDescriptionStatus to which a new issue is set$g_bug_submit_statusstatus issue is set to when submittedStatus where an issue is considered resolved$g_bug_resolved_status_thresholdstatus where issue is resolvedStatus to which a reopened Issue is set$g_bug_reopen_statusstatus issue is set to when reopenedThe matrix that follows has checkmarks where the transitions are allowedfrom the status on the left edge to the status listed across the top.This corresponds to the $g_enum_workflow array.At the bottom, there is alist of access levels that are required to change the status to the valuelisted across the top. This can be used, for instance, to restrict thosewho can close an issue to a specific level, say a manager. Thiscorresponds to the $g_set_status_threshold array and the$g_report_bug_threshold setting.6.8.5.3. Email NotificationsThis page sets the system defaults for sending emails on issue relatedevents. MantisBT uses flags and a threshold system to generate emails onevents. For each new event, email is sent to:*the reporter*the handler (or Assigned to)*anyone monitoring the issue*anyone who has ever added a issue note the issue*anyone assigned to the project whose access level matches a rangeFrom this list, those recipients who meet the following criteria areeliminated:*the originator of the change, if $g_email_receive_own is OFF*the recipient either no longer exists, or is disabled*the recipient has turned their email_on_<new status> preference OFF*the recipient has no email address enteredThe matrix on this page selects who will receive messages for each of theevents listed down the left hand side. The first four columns correspondto the first four points listed above. The next columns correspond to theaccess levels defined. Note that because a minimum and maximum thresholdare used, a discontinuous selection is not allowed.6.9. Monitor Issue------------------The monitor issues feature allows users to subscribe to certain issuesand hence get copied on all notification emails that are sent for theseissues.Depending on the configuration, sending a reminder to a user aboutan issue can add this issue to the user's list of monitored issues. Userswho reported the issue or are assigned the issue typically don't need tomonitor the issue to get the notifications. This is because by defaultthey get notified on changes related to the issue anyway. However,administrators can change the configuration to disable notifications toreporters or handlers in specific scenarios.6.10. Reopen Issue------------------Re-open issue button is visible in the issue view pages if the user hasthe appropriate access level and the issue is resolved/closed. Re-openinga issue will allow users to enter issue notes for the re-opening reason.The issue will automatically be put into the Feedback status.6.11. Delete Issue------------------The delete issues button appears on the issue view pages for the userswho have the appropriate access level. This allows you to delete anexisting issue. This should only be used on frivolous or test issues. Aconfirmation screen will prompt you if you really want to delete theissue. Updaters, Developers, Managers, and Administrators can removeissues (you can also configure this).6.12. Close Issue-----------------This is a button that appears on the issue view pages for users that areauthorized to close issues. Depending on the configuration, users may beable to close issues without having to resolve them first, or may be ableto only close resolved issues. After the button is clicked, the user isredirected to a page where an issue note maybe added.6.13. Assign to Me------------------This button appears in the issue view pages in case of users with accesslevel that is equal to handle_bug_threshold or higher. When this buttonis clicked the issue is assigned to the user.6.14. Resolve Issue-------------------This option on the View Issues page allows you to resolve the issue. Itwill lead you to a page where you can set the resolution state and aduplicate id (if applicable). After choosing that the user can choose toenter an issue note detailing the reason for the closure. The issue isthen set to the Resolved state. The reporter should check off on theissue by using the Close Issue button.6.15. News Syndication----------------------MantisBT supports news syndication using RSS v2.0 protocol. MantisBT alsosupports authenticated news feeds for private projects or installationswhere anonymous access is not enabled. Authenticated feeds takes a username and a key token that are used to authenticate the user and generatethe feed results in the context of the user's access rights (i.e. thesame as what the user would see if they were to logged into MantisBT).Toget access to the News RSS as anonymous user, visit the following page:http://www.example.com/mantisbt/news_rss.php While a user is logged in,the RSS links provided in the UI will always provide links to theauthenticated feeds, if no user is logged in (i.e. anonymous), thenanonymous links will be provided.Chapter 7. Customizing MantisBT===============================7.1. Strings / Translations---------------------------All the strings used in MantisBT including error messages, as well asthose defined in plugins, can be customized or translated differently.This is achieved by overriding them in the Custom Strings File (config/custom_strings_inc.php),which is automatically detected and included by MantisBT code.Defining custom strings in this file provides a simple upgrade path, andavoids having to re-apply changes to modified core language files whenupgrading MantisBT to the next release.NoteThe standard MantisBT language strings are sometimes reused in differentcontexts. If you are planning to override some strings to meet yourspecific requirements, make sure to analyze where and how they are usedto avoid unexpected issues.7.1.1. Custom Strings File FormatThis is a regular PHP script, containing variable assignments andoptionally some control structures to conditionally define strings basedon specific criteria (see Section 7.2.5, “Localizing Custom Field Names”for an example).<?php$s_CODE = STRING;$MANTIS_ERROR[ERROR_NUMBER] = STRING;Where*CODE = language string code, as called by lang_get() function. Searchin lang/strings_english.txt for existing codes.*ERROR_NUMBER = error number or constant, see constant_inc.php.*STRING = string value / translation.NoteThe custom_strings_inc.php file should only contain variable assignmentsand basic PHP control structures. In particular, calling MantisBT corefunctions in it is not recommended, as it could lead to unexpectedbehavior and even errors depending on context.If you must use API calls, then anything that expects an active databaseconnection needs to be protected, e.g.<?phpif( db_is_connected() ) {if( helper_get_current_project() == 1 ) {$s_summary = 'Title';}}WarningNEVER call lang_get_current() from the custom_strings_inc.php. Doing sowill reset the active_language, causing the code to return incorrecttranslations if the default language is different from English. Alwaysuse the $g_active_language global variable instead.7.2. Custom Fields------------------7.2.1. OverviewDifferent teams typically like to capture different information as usersreport issues, in some cases, the data required is even different fromone project to another. Hence, MantisBT provides the ability for managersand administrators to define custom fields as way to extend MantisBT todeal with information that is specific to their teams or their projects.The aim is for this to keep MantisBT native fields to a minimum.Following are some facts about the implementation of custom fields inMantisBT:*Custom fields are defined system wide.*Custom fields can be linked to multiple projects.*The sequence of displaying custom fields can be different perproject.*Custom fields must be defined by users with access levelADMINISTRATOR.*Custom fields can be linked to projects by users with access levelMANAGER or above (by default, this can be configurable).*Number of custom fields is not restricted.*Users can define filters that include custom fields.*Custom fields can be included in View Issues, Print Issues, and CSVexports.*Enumeration custom fields can have a set of static values or valuesthat are calculated dynamically based on a custom function.7.2.2. Custom Field DefinitionThe definition of a custom field includes the following logicalattributes:*Caption variable name. This value is supplied to the lang_get() API;it is therefore mandatory to set this to a valid PHP identifier (i.e.only letters, numbers and underscores; no spaces) if you intend totranslate the field label (see Section 7.2.5, “Localizing CustomField Names”).NoteIf the specified variable is not found in the language files or incustom_strings_inc.php, then it will be displayed as-is.*Custom field type, can be one of:*string, for strings of up to 255 characters.*numeric, for numerical integer values.*float, for real (float / double) numbers.*email, for storing email addresses.*enumeration is used when a user selects one entry from a list.The user interface for this type is a combo-box.*checkbox is like enumeration, but the options are shown ascheckboxes and the user is allowed to tick more than one item.The default value and the possible value can contain multiplevalues like RED|YELLOW|BLUE.*radio is like enumeration, but the list is shown as radio buttonsand the user is only allowed to tick a single option.The possible values can be RED|YELLOW|BLUE, and default YELLOW.NoteThe default value can't contain multiple values.*list is like enumeration but the list is shown as a list boxwhere the user is only allowed to select one option.The possible values can be RED|YELLOW|BLUE, and default YELLOW.NoteThe default value can't contain multiple values.*multi-selection list is like enumeration, but the list is shownas a list box where the user is allowed to select multipleoptions.The possible values can be RED|YELLOW|BLUE, and default RED|BLUE.NoteMultiple values are allowed as default.*date, for date values.The default value can be empty, a numeric UNIX timestamp, or adate in a valid format, including relative indications such astomorrow, next week, last month, +3 days, last day of this month,etc.NoteThe legacy format where the dynamic date had to be wrapped incurly brackets (e.g. {tomorrow}) is still supported forbackwards-compatibility, but no longer necessary. This isconsidered a deprecated feature, that will be removed in a futurereleased of MantisBT.*Possible values for the Custom Field (e.g. RED|YELLOW|BLUE). Use thepipe (|) character to separate the enumeration's values. It ispossible for one of the values to be empty (e.g. |RED|YELLOW|BLUE,note the leading |).The set of values can also be calculated at runtime. For example,=versions would automatically resolve into all the versions definedfor the current project. See Section 7.2.7, “Dynamic values forEnumeration Custom Fields” for more information.*Default value - see details above for a sample default value for eachtype.*Minimum/maximum length for the custom field value (use 0 to disable).Note that these metrics are not really relevant to custom fields thatare based on an enumeration of possible values.*Regular expression to use for validating user input (use PCRE syntax).*Read Access level: Minimum access level for users to be able to seethe value of the custom field.*Write Access level: Minimum access level for users to be able to editthe value of the custom field.*Display when reporting issues? - If this custom field should be shownon the Report Issue page.*Display when updating issues? - If this custom field should be shownon the Update Issue page.*Display when resolving issues? - If this custom field should be shownwhen resolving an issue. For example, a "root cause" custom fieldwould make sense to set when resolving the issue.*Display when closing issues? - If this custom field should be shownwhen closing an issue.*Required on Report - If this custom field is a mandatory field on theReport Issue page.*Required on Update - If this custom field is a mandatory field on theUpdate Issue page.*Required on Resolve - If this custom field is a mandatory field whenresolving an issue.*Required on Close - If this custom field is a mandatory field whenclosing an issue.If the value of a custom field for a certain defect is not found, thedefault value is assumed.7.2.3. Adding/Editing Custom Fields*The logged in user needs $g_manage_custom_fields_threshold accesslevel.*Select "Manage" from the main menu.*Select "Custom Fields" from the management menu.*In case of edit, click on the name of an existing custom field toedit its information.*In case of adding a new one, enter the name of the new custom fieldthen click "New Custom Field".NoteAdded custom fields will not show up in any of the issues until the addedcustom field is linked to the appropriate projects.7.2.4. Linking/Unlinking/Ordering Existing Custom Fields in Projects*The logged in user needs to have access level that is greater than orequal to $g_custom_field_link_threshold and$g_manage_project_threshold.*Select "Manage" from the main menu.*Select "Projects".*Select the name of the project to manage.*Scroll down to the "Custom Fields" box.*Select the field to add from the list, then click "Add This ExistingCustom Field".*To change the order of the custom fields, edit the "Sequence" valueand click update. Custom fields with smaller values are displayedfirst.*To unlink a custom field, click on "Remove" link next to the field.Unlinking a custom field will not delete the values that areassociated with the issues for this field. These values are onlydeleted if the custom field definition is removed (not unlinked!)from the database. This is useful if you decide to re-link the customfield. These values may also re-appear if issues are moved to anotherproject which has this field linked.Moving Issues. When an issue is moved from one project to another, customfields that are not defined for the new project are not deleted. Thesefields will re-appear with their correct values if the issue is movedback to the original project, or if these custom fields are linked to thenew project.7.2.5. Localizing Custom Field NamesIt is possible to localize the custom fields' labels. This can be done asfollows:1.Define the custom field (see Section 7.2.2, “Custom Field Definition”),keeping in mind that its name must be a valid PHP identifier.As an example, we will use my_start_date for a custom field of type"Date", storing the date when work on an issue was initiated.2.Set the localization strings*In the MantisBT config directory, locate and editcustom_strings_inc.php (see Section 7.1, “Strings / Translations”),create it if it does not exist.*Localize the custom field's label my_start_date by adding thefollowing code<?phpswitch( $g_active_language ) {case 'french':$s_my_start_date = 'Date de début';break;default:# Default language, as defined in config/config_inc.php# ($g_default_language, English in this case)$s_my_start_date = 'Start Date';break;}NoteHad we decided to use start_date as the custom field's name, then itwould not have been necessary to modify custom_strings_inc.php (seeSection 7.1, “Strings / Translations”), since MantisBT would have usedthe existing, already localized string from the standard language files.To check for standard strings, inspect lang/strings_english.txt.7.2.6. Dynamic default values7.2.6.1. Dynamic defaults for Date fieldsCustom fields of type date can be defaulted to either specific orrelative dates. Typically, relative dates is the scenario that makessense in most of the cases.The format for specific dates is an integer which indicates the number ofseconds since the Unix Epoch (January 1 1970 00:00:00 UTC), which is theformat consumed by the PHP date() method.The relative scenario expects default values like {tomorrow},{yesterday}, {+2 days}, {-3 days}, {next week}, etc. The curly bracketsindicate that this is a logical value which is then evaluated using thePHP strtotime() function.7.2.7. Dynamic values for Enumeration Custom FieldsAs discussed earlier, one of the possible types of a custom field is"enumeration". This type of custom field allows the user to select onevalue from a provided list of possible values. The standard way ofdefining such custom fields is to provide a '|' separated list ofpossible values. However, this approach has two limitations: the list isstatic, and the maximum length of the list must be no longer than 255characters. Hence, the need for the ability to construct the list ofpossible values dynamically.7.2.7.1. Dynamic possible values included by defaultMantisBT ships with some dynamic possible values, these include thefollowing:*=categories a list of categories defined in the current project (orthe project to which the issue belongs).*=versions a list of all versions defined in the current project (orthe project to which the issue belongs).*=future_versions a list of all versions that belong to the currentproject with released flag set to false.*=released_versions a list of all versions that belong to the currentproject with released flag set to true.NoteThe = before the list of options tells MantisBT that this is a dynamiclist, rather than a static one with a single option.7.2.7.2. Defining Custom Dynamic Possible ValuesIf the user selects =versions, the actual custom function that isexecuted is custom_function_*_enum_versions(). The reason why the "enum_"is not included is to have a fixed prefix for all custom functions usedfor this purpose and protect against users using custom functions thatwere not intended for this purpose.For example, you would not want the user to usecustom_function_*_issue_delete_notify() which may be overridden by theweb master to delete associated data in other databases.Following is a sample custom function that is used to populate a fieldwith the categories belonging to the currently selected project:/*** Construct an enumeration for all categories for the current project.** The enumeration will be empty if current project is ALL PROJECTS.* Enumerations format is: "abc|lmn|xyz"* To use this in a custom field type "=categories" in the possible values field.*/function custom_function_override_enum_categories() {$t_categories = category_get_all_rows( helper_get_current_project() );$t_enum = array();foreach( $t_categories as $t_category ) {$t_enum[] = $t_category['category'];}$t_possible_values = implode( '|', $t_enum );return $t_possible_values;}Note*The custom function doesn't take any parameters.*The custom function returns the possible values in the format(A|B|C).*The custom function uses the current project.*The custom function builds on top of the already existing APIs.To define your own function mine, you will have to define it with thefollowing signature:/*** Use this in a custom field type "=mine" in the possible values field.*/function custom_function_override_enum_mine() {# Populate $t_enum values as appropriate here$t_enum = array();$t_possible_values = implode( '|', $t_enum );return $t_possible_values;}NoteNotice the override in the function name. This is because this method isdefined by the MantisBT administrator and not part of the MantisBTsource. It is OK to override a method that doesn't exist.As usual, when MantisBT is upgraded to future releases, the customfunctions will not be overwritten. The difference between the "default"implementation and the "override" implementation is explained in moredetails in Section 7.6, “Custom Functions”.7.3. Enumerations-----------------Enumerations are used in MantisBT to represent a set of possible valuesfor an attribute. Enumerations are used for access levels, severities,priorities, project statuses, project view state, reproducibility,resolution, ETA, and projection. MantisBT provides the administrator withthe flexibility of altering the values in these enumerations. The rest ofthis topic explains how enumerations work, and then how they can becustomised.How do enumerations work? core/constant_inc.php defines the constantsthat correspond to those in the enumeration. These are useful to refer tothese enumerations in the configs and the code.define( 'VIEWER', 10 );define( 'REPORTER', 25 );define( 'UPDATER', 40 );define( 'DEVELOPER', 55 );define( 'MANAGER', 70 );define( 'ADMINISTRATOR', 90 );config_defaults_inc.php includes the defaults for the enumerations. Theconfiguration options that are defaulted here are used in specifyingwhich enumerations are active and should be used in MantisBT.$g_access_levels_enum_string ='10:viewer,25:reporter,40:updater,55:developer,70:manager,90:administrator';NoteThe strings included in the enumerations here are just for documentationpurposes, they are not actually shown to the user (due to the need forlocalisation). Hence, if an entry in this enumeration is not found in thecorresponding localised string (i.e. 70:manager), then it will be printedto the user as @70@.The Language Files (e.g. lang/strings_german.txt) provide the localisedstrings (German in this case) for enumerations. But again, the masterlist is the enumeration in the configs themselves, the ones in thelanguage files are just used for finding the localised equivalent for anentry. Hence, if a user changes the config to have only two types ofusers developers and administrators, then only those will be prompted tothe users even if the enumerations in the language files still includesthe full list.$s_access_levels_enum_string ='10:Betrachter,25:Reporter,40:Updater,55:Entwickler,70:Manager,90:Administrator';How can they be customised? Let say we want to remove access level"Updater" and add access level "Senior Developer".The file config/custom_constants_inc.php is supported for the exclusivepurpose of allowing administrators to define their own constants whilemaintaining a simple upgrade path for future releases of MantisBT. Notethat this file is not distributed with MantisBT and you will need tocreate it if you need such customisation. In our example, we need todefine a constant for the new access level.define( 'SENIOR_DEVELOPER', 60 );In config/config_inc.php// Remove Updater and add Senior Developer$g_access_levels_enum_string ='10:viewer,25:reporter,55:developer,60:senior_developer,70:manager,90:administrator';// Give access to Senior developers to create/delete custom field.$g_manage_custom_fields_threshold = SENIOR_DEVELOPER;Update custom_strings_inc.php (see Section 7.1, “Strings / Translations”)$s_access_levels_enum_string ='10:Betrachter,25:Reporter,40:Updater,55:Entwickler,60:Senior Developer,70:Manager,90:Administrator';NoteWe don't need to remove the Updater entry from the localisation file ifthe current language is 'English'.Conclusion. We have covered how enumerations work in general, and how tocustomise one of them. If you are interested in customising otherenumerations, a good starting point would be to go to MantisBT EnumStrings section in config_defaults_inc.php. This section defines allenumerations that are used by MantisBT.7.4. Email Notifications------------------------See Section 5.8, “Email” in the Configuration section.Examples:*Notify only managers of new issues.$g_notify_flags['new'] = array('threshold_min' => MANAGER,'threshold_max' => MANAGER,);*Notify Developers and managers of all project events, except, excludedevelopers from the 'closed' events.$g_default_notify_flags = array('threshold_min' => DEVELOPER,'threshold_max' => MANAGER,);$g_notify_flags['closed'] = array('threshold_min' => MANAGER,'threshold_max' => MANAGER,);*Exclude those who contributed issue notes from getting messages aboutother changes in the issue.$g_default_notify_flags['bugnotes'] = OFF;*Exclude those monitoring issues from seeing the 'closed' message$g_notify_flags['closed']['monitor'] = OFF;*Only notify developers when issue notes are added.$g_notify_flags['bugnote'] = array('threshold_min' => DEVELOPER,'threshold_max' => DEVELOPER,);*Notify managers of changes in sponsorship.$g_notify_flags['sponsor'] = array('threshold_min' => MANAGER,'threshold_max' => MANAGER,);*Notify originator and managers of changes in ownership ("AssignedTo:").$g_notify_flags['owner'] = array('threshold_min' => MANAGER,'threshold_max' => MANAGER,'reporter' => ON,);*I'm paranoid about mail. Only send information on issues to thoseinvolved in them. Don't send mail people already know about. Alsosend new issue notifications to managers so they can screen them.$g_email_receive_own = OFF;$g_default_notify_flags = array('reporter' => ON,'handler' => ON,'monitor' => ON,'bugnotes' => ON,'category' => ON,'threshold_min' => NOBODY,'threshold_max' => NOBODY);$g_notify_flags['new'] = array('threshold_min' => MANAGER,'threshold_max' => MANAGER,);*How do I send all messages to an email logger.You will need to create a dummy user with the appropriate accesslevel for the notices you want to log. Once this user is added toprojects, they will receive mail using the appropriate rules.7.5. Customizing Status Values------------------------------This section describes how to add a custom status.1.Define a constant to map the new status to.In subfolder config, locate and edit file custom_constants_inc.php;(create it if it does not exist)<?php# Custom status codedefine( 'TESTING', 60 );2.Define the new status in the enumeration, as well as thecorresponding color code.In subfolder config, edit your config_inc.php# Revised enum string with new 'testing' status$g_status_enum_string = '10:new,20:feedback,30:acknowledged,40:confirmed,50:assigned, 60:testing, 80:resolved,90:closed';# Status color additions$g_status_colors[' testing '] = '#ACE7AE';Note that the key in the $g_status_colors array must be equal to thevalue defined for the new status code in $g_status_enum_string.3.Define the required translation strings for the new status, for eachlanguage used in the installation.*s_status_enum_string: status codes translation (refer to theoriginal language strings for standard values)*s_XXXX_bug_title: title displayed in the change status page*s_XXXX_bug_button: label for the submit button in the changestatus page*s_email_notification_title_for_status_bug_XXXX: title fornotification e-mailswhere XXXX is the name of the new status as it was defined ing_status_enum_string above. If XXXX contains spaces, they should bereplaced by underscores in the language strings names (e.g. for'35:pending user', use '$s_pending_user_bug_button')In the config subfolder, locate and edit custom_strings_inc.php (seeSection 7.1, “Strings / Translations”), create it if it does notexist<?php# Translation for Custom Status Code: testing switch( $g_active_language ) {case 'french':$s_status_enum_string = '10:nouveau,20:commentaire,30:accepté,40:confirmé,50:affecté,60:à tester,80:résolu,90:fermé';$s_testing_bug_title = 'Mettre le bogue en test';$s_testing_bug_button = 'A tester';$s_email_notification_title_for_status_bug_testing = 'Le bogue suivant est prêt à être TESTE.';break;default: # english$s_status_enum_string = '10:new,20:feedback,30:acknowledged,40:confirmed,50:assigned,60:testing,80:resolved,90:closed';$s_testing_bug_title = 'Mark issue Ready for Testing';$s_testing_bug_button = 'Ready for Testing';$s_email_notification_title_for_status_bug_testing = 'The following issue is ready for TESTING.';break;}4.Add the new status to the workflow as required.This can either be done from the Manage Workflow Transitions page(see Section 4.3.1, “Workflow Transitions”) or by manually editingconfig_inc.php as per the example below:$g_status_enum_workflow[NEW_] ='30:acknowledged,20:feedback,40:confirmed,50:assigned,80:resolved';$g_status_enum_workflow[FEEDBACK] ='30:acknowledged,40:confirmed,50:assigned,80:resolved';$g_status_enum_workflow[ACKNOWLEDGED] ='40:confirmed,20:feedback,50:assigned,80:resolved';$g_status_enum_workflow[CONFIRMED] ='50:assigned,20:feedback,30:acknowledged,80:resolved';$g_status_enum_workflow[ASSIGNED] ='60:testing,20:feedback,30:acknowledged,40:confirmed,80:resolved';$g_status_enum_workflow[TESTING] ='80:resolved,20:feedback,50:assigned';$g_status_enum_workflow[RESOLVED] ='90:closed,20:feedback,50:assigned';$g_status_enum_workflow[CLOSED] ='20:feedback,50:assigned';5.Check and update existing workflow configurationsIf you do not perform this step and have existing workflowdefinitions, it will not be possible to transition to and from yournew status.Go to the Workflow Transitions page(manage_config_workflow_page.php), and update the workflow asappropriate. Make sure that you have picked the correct Project inthe selection list).Hint: to identify whether you have any workflows that should beupdated, open the Manage Configuration Report page(adm_config_report.php) and filter on 'All Users', [any] project andconfig option = 'status_enum_workflow'. All of the listed projectsshould be reviewed to eventually include transitions to and from thenewly added states.7.6. Custom Functions---------------------Custom functions are used to extend the functionality of MantisBT byintegrating user-written functions into the issue processing at strategicplaces. This allows the system administrator to change the functionalitywithout touching MantisBT's core.Default Custom Functions are defined in the API filecore/custom_function_api.php , and are namedcustom_function_default_descriptive_name, where descriptive_namedescribes the particular function. See Section 7.6.1, “Default CustomFunctions” for a description of the specific functions.User versions of these functions (overrides) are named likecustom_function_override_descriptive_name, and placed in a file calledcustom_functions_inc.php that must be saved in MantisBT's configdirectory. In normal processing, the system will look for overridefunctions and execute them instead of the provided default functions.The simplest way to create a custom function is to copy the default onefrom the api to your override file (custom_functions_inc.php), and renameit (i.e. replacing 'default' by 'override'). The specific functionalityyou need can then be coded into the override function.7.6.1. Default Custom FunctionsRefer to core/custom_functions_api.php for further details.Custom Function NameDescriptionReturn valuecustom_function_default_auth_can_change_password()Determines whether MantisBT can update the passwordTrue if yes, False if notcustom_function_default_changelog_include_issue( $p_issue_id )Determines whether the specified issue should be included in theChangelog or not.True to include, False to excludecustom_function_default_changelog_print_issue( $p_issue_id,$p_issue_level = 0 )Prints one entry in the ChangelogNonecustom_function_default_enum_categories()Build a list of all categories for the current projectEnumeration, delimited by "|"custom_function_default_enum_future_versions()Build a list of all future versions for the current projectEnumeration, delimited by "|"custom_function_default_enum_released_versions()Build a list of all released versions for the current projectEnumeration, delimited by "|"custom_function_default_enum_versions()Build a list of all versions for the current projectEnumeration, delimited by "|"custom_function_default_format_issue_summary( $p_issue_id, $p_context = 0)Format the bug summaryFormatted stringcustom_function_default_get_columns_to_view( $p_columns_target =COLUMNS_TARGET_VIEW_PAGE, $p_user_id = null )Defines which columns should be displayedArray of the column namescustom_function_default_issue_create_notify( $p_issue_id )Notify after an issue has been createdIn case of invalid data, this function should call trigger_error()custom_function_default_issue_create_validate( $p_new_issue_data )Validate field settings before creating an issueIn case of invalid data, this function should call trigger_error()custom_function_default_issue_delete_notify( $p_issue_data )Notify after an issue has been deletedIn case of invalid data, this function should call trigger_error()custom_function_default_issue_delete_validate( $p_issue_id )Validate field settings before deleting an issueIn case of invalid data, this function should call trigger_error()custom_function_default_issue_update_notify( $p_issue_id )Notify after an issue has been updatedIn case of invalid data, this function should call trigger_error()custom_function_default_issue_update_validate( $p_issue_id,$p_new_issue_data, $p_bugnote_text )Validate field issue data before updatingIn case of invalid data, this function should call trigger_error()custom_function_default_print_bug_view_page_custom_buttons( $p_bug_id )Prints the custom buttons on the current view pageNonecustom_function_default_print_column_title( $p_column, $p_columns_target= COLUMNS_TARGET_VIEW_PAGE, array $p_sort_properties = null )Print a column's title based on its nameNonecustom_function_default_print_column_value( $p_column, $p_bug,$p_columns_target = COLUMNS_TARGET_VIEW_PAGE )Print a column's value based on its nameNonecustom_function_default_roadmap_include_issue( $p_issue_id )Determines whether the specified issue should be included in the Roadmapor not.True to include, False to excludecustom_function_default_roadmap_print_issue( $p_issue_id, $p_issue_level= 0 )Prints one entry in the RoadmapNone7.6.2. Example Custom Function OverrideThe following function is used to validate an issue before it isresolved.<?php/*** Hook to validate Validate field settings before resolving* verify that the resolution is not set to OPEN* verify that the fixed in version is set (if versions of the product exist)*/function custom_function_override_issue_update_validate( $p_issue_id, $p_bug_data, $p_bugnote_text ) {if( $p_bug_data->status == RESOLVED ) {if( $p_bug_data->resolution == OPEN ) {error_parameters( 'the resolution cannot be open to resolve the issue' );trigger_error( ERROR_VALIDATE_FAILURE, ERROR );}$t_version_count = count( version_get_all_rows( $p_bug_data->project_id ) );if( ( $t_version_count > 0 ) && ( $p_bug_data->fixed_in_version == '' ) ) {error_parameters( 'fixed in version must be set to resolve the issue' );trigger_error( ERROR_VALIDATE_FAILURE, ERROR );}}}?>The errors will also need to be defined, by modifying the following files*custom_constants_inc.phpdefine( 'ERROR_VALIDATE_FAILURE', 2000 );*custom_strings_inc.php (see Section 7.1, “Strings / Translations”)$MANTIS_ERROR['ERROR_VALIDATE_FAILURE'] = 'This change cannot be made because %s';Chapter 8. Authentication=========================MantisBT supports several authentication methods out of the box. Inaddition, there is work in progress relating to supporting authenticationplug-ins. Once these are implemented, authentication against any protocolor repository of user names and passwords will be possible without havingto touch MantisBT core code.It is important to note that MantisBT does not yet support hybridauthentication scenarios. For example, internal staff authenticatingagainst LDAP while customers authenticate against the MantisBT databasewith MD5 hash.See $g_login_method in Section 5.21.1, “Global authentication parameters”for more details about how to configure MantisBT to use one of theseauthentication techniques.8.1. Standard Authentication----------------------------With Standard login method, MantisBT users are authenticated againstrecords in the MantisBT database, where the passwords are stored as ahash.Note: while technically unlimited, the password's length is arbitrarilyrestricted to 1024 characters (PASSWORD_MAX_SIZE_BEFORE_HASH constant).Values for $g_login_method:*MD5 is the default method*Support for additional methods could be added in the future8.2. LDAP and Microsoft Active Directory----------------------------------------Value for $g_login_method: LDAPAuthentication is made against an LDAP or Active Directory server.The LDAP parameters should be setup as explained in Section 5.21.2, “LDAPauthentication method parameters”.An MD5 hash of the user's password will be stored in the database uponsuccessful login, allowing fall-back to Standard Authentication when theLDAP server is not available.The user's ID and password is checked against the Directory; if thecredentials are valid, then the user is allowed to login and their useraccount in MantisBT is created automatically.8.3. Basic Authentication-------------------------Value for $g_login_method: BASIC_AUTHWhen MantisBT is configured to use basic auth, it automatically detectsthe logged in user and checks if they are already registered in MantisBT,if not, then a new account is automatically created for the username.The password length is limited to the size of the underlying databasefield (DB_FIELD_SIZE_PASSWORD constant), currently 32 characters.8.4. HTTP Authentication------------------------Value for $g_login_method: HTTP_AUTHTODOThe password length is limited to the size of the underlying databasefield (DB_FIELD_SIZE_PASSWORD constant), currently 32 characters.8.5. Deprecated authentication methods--------------------------------------The following methods of authentication are deprecated, and supported forbackwards-compatibility reasons only. It is strongly recommended toupdate MantisBT installations relying on these to use Section 8.1,“Standard Authentication” instead.Deprecated values for $g_login_method:*CRYPT*CRYPT_FULL_SALT*PLAINWith CRYPT-based methods, the password's length is limited as perStandard Authentication. With PLAIN, its size is restricted as for BasicAuthentication.Chapter 9. Troubleshooting==========================This chapter provides the Administrator with additional informationrelated to Application Errors and common problems in MantisBT.Useful additional reference information and support may also be found onthe MantisBT website, more specifically the Forums and the Bugtracker.9.1. Application Errors-----------------------Additional information about common MantisBT errors.9.1.1. Error 2800 - Invalid form security tokenThis error may only occur when Form Validation is enabled with$g_form_security_validation = ON (see Section 5.4, “Webserver”). Thereare several known cases that could trigger it:*Multiple submissions of a form by clicking on the submit buttonseveral times (user error)*Invalid or unauthorized submission of a form, e.g. by hand-craftingthe URL (CSRF attack)*Expired PHP sessionIn the first two instances, MantisBT's behavior is by design, and theresponse as expected. For expired sessions however, the user is impactedby system behavior, which could not only cause confusion, but alsopotential loss of submitted form data. What happens is driven by severalphp.ini configuration settings:*The ratio session.gc_probability divided by session.gc_divisor, whichdetermines the probability that the garbage collection process willstart when a session is initialized.*session.gc_maxlifetime which specifies (as the name does notindicate) the minimum validity of session data.With PHP default values, sessions created more than 1440 seconds (24minutes) ago have a 1% chance to be invalidated each time a new sessionis initialized. This explains the seemingly random occurrence of thiserror.Unfortunately, this problem cannot be fixed without a major rework of theway sessions and form security are handled in MantisBT.As a workaround, the Administrator can*Increase the value of session.gc_maxlifetime*Set $g_form_security_validation = OFF. Note that for securityreasons, it is strongly recommended not to do this.Users may also install local tools to avoid loss of form data, such asTypio Form Recovery Chrome extension, or Form History Control add-on forFirefox and Chrome.Further references and reading:*MantisBT issues 12381, 12492, 13106, 13246*MantisBT forumsChapter 10. Project Management==============================This section covers the project management features of MantisBT. Thisincludes features like change log, roadmap, time tracking, reporting andothers.10.1. Change Log----------------MantisBT doesn't just track the status of issues, it also relates issuesto versions. Each project can have several versions, which are markedwith attributes like released and obsolete. Users typically report issuesagainst released issues and developers typically fix issues in notreleased versions. With every new release comes question like: what'snew? what has been fixed? Customers wonder if the new release is ofinterest to them and whether they should take an upgrade. Well, thechange log is specifically tailored to answer these kind of questions.In order for an issue to show up in the change log, it has to satisfycertain criteria. The criteria is that the issue has to be resolved witha 'fixed' resolution and has to have the 'fixed_in_version' field set.Users sometimes wonder why resolved or closed issues don't show up in thechange log, and the answer is that the 'fixed_in_version' field is notset. Without the 'fixed_in_version', it is not possible for MantisBT toinclude the issues in the appropriate section of the changelog. Note thatit is possible to set the 'fixed_in_version' for multiple issues usingthe 'Update Fixed in Version' group action on the View Issues page (justbelow the issues list). This option is only available when the selectedproject is not 'All Projects'. Once a version is marked as obsolete, itis now longer included in the change log.MantisBT also provides the ability to customize the criteria used for anissue to be included in the change log. For example, for installationsthat use a custom set of resolutions, it is possible to select multipleresolutions as valid candidates for the change log. This can be doneusing custom functions (see custom functions documentation for moredetails). The custom function below overrides the MantisBT defaultbehavior to include issues with both FIXED and IMPLEMENTED (a customresolution) resolutions in the change log.<?php# --------------------# Checks the provided bug and determines whether it should be included in the changelog# or not.# returns true: to include, false: to exclude.function custom_function_override_changelog_include_issue( $p_issue_id ) {$t_issue = bug_get( $p_issue_id );return ( ( $t_issue->resolution == FIXED || $t_issue->resolution == IMPLEMENTED ) &&( $t_issue->status >= config_get( 'bug_resolved_status_threshold' ) ) );}MantisBT also provides the ability to customize the details to includefrom the issue and in what format. This can be done using the followingcustom function.<?php# --------------------# Prints one entry in the changelog.function custom_function_override_changelog_print_issue( $p_issue_id, $p_issue_level = 0 ) {$t_bug = bug_get( $p_issue_id );if( $t_bug->category_id ) {$t_category_name = category_get_name( $t_bug->category_id );} else {$t_category_name = '';}$t_category = is_blank( $t_category_name ) ? '' : '<b>[' . $t_category_name . ']</b> ';echo str_pad( '', $p_issue_level * 6, ' ' ), '- ', string_get_bug_view_link( $p_issue_id ), ': ', $t_category, string_display_line_links( $t_bug->summary );if( $t_bug->handler_id != 0 ) {echo ' (', prepare_user_name( $t_bug->handler_id ), ')';}echo ' - ', get_enum_element( 'status', $t_bug->status ), '.<br />';}By combining both customization features, it is also possible to do moreadvanced customization scenarios. For example, users can add a'ChangelogSummary' custom field and include all issues that have suchfield in the change log. Through customizing what information beingincluded for a qualifying issue, users can also include the'ChangelogSummary' text rather than the native summary field.In some cases, users know that they fixed an issue and that the fix willbe included in the next release, however, they don't know yet the name ofthe release. In such case, the recommended approach is to always have aversion defined that corresponds to the next release, which is typicallycalled 'Next Release'. Once the release is cut and has a concrete name,then 'Next Release' can be renamed to the appropriate name and a new'Next Release' can then be created. For teams that manage releases frommultiple branches for the same project, then more than one next releasecan be possible. For example, 'Next Dev Release' and 'Next StableRelease'.Another common requirement is to be able to link to the change log of aspecific project from the project's main website. There is a variety ofways to do that:*To link to the changelog of version "ver1" of project "myproject":http://www.example.com/mantisbt/changelog_page.php?project=myproject&version=ver1*To link to the changelog of all non-obsolete versions of project'myproject':http://www.example.com/mantisbt/changelog_page.php?project=myproject*To link to the changelog of project with id 1. The project id can befigured out by going to the management page for the project andgetting the value of project_id field form the URL.http://www.example.com/mantisbt/changelog_page.php?project_id=1*To link to the changelog of version with id 1. The version id isunique across all projects and hence in this case it is not necessaryto include the project id/name. The version id can be figured out bygoing to the manage project page and editing the required version.The version_id will be included in the URL.http://www.example.com/mantisbt/changelog_page.php?version_id=1Another approach is to go to the project page and from there users canget to multiple other locations relating to the project include thechange log. This can be done by a URL like the following:http://www.example.com/mantisbt/project_page.php?project_id=1It is possible to customize the access level required for viewing thechange log page. This can be done using the $g_view_changelog_thresholdconfiguration option.10.2. Roadmap-------------One of the very important scenarios in project management is where theproject managers (or team leads) triage the issues to set theirpriorities, target version, and possibly assign the issues to specificdevelopers or take other actions on the issue. By setting the targetversion of an issue to a version that is not yet released, the issueshows up on the project roadmap, providing user with information aboutwhen to expect the issues to be resolved. The roadmap page has a sectionfor each release showing information like planned issues, issues done andpercentage of issues completed. Issues that are fixed in a specificversion, but didn't have the target_version field set, will not show upin the roadmap. This allows the ability to control the issues that aresignificant enough to show in the roadmap, while all resolved fields canbe found in the change log. Note that it is possible to set the'target_version' for multiple issues using the 'Update Target Version'group action that is available through the View Issues page (below theissues list). This option is only available when the current project isnot 'All Projects'. Although it is not a typical scenario, it is worthmentioning that once a version is marked as obsolete, it is not includedin the roadmap.Note that the roadmap only includes future versions, once a version ismarked as released, it no longer is included in the roadmap. Forinformation about such releases, the change log feature should be used.For an issue to be shown on the roadmap, it has to have the targetversion set. It does not matter whether the feature is resolved or not.Resolved features will be decorated with a strikethrough and will becounted as done.MantisBT provides the ability to customize the criteria for issues toshow up on the roadmap. The default criteria is that the issue has tobelong to a version that is not yet released and that the issues is not aduplicate. However, such criteria can be customized by using customfunctions as below.<?php# --------------------# Checks the provided bug and determines whether it should be included in the roadmap or not.# returns true: to include, false: to exclude.function custom_function_override_roadmap_include_issue( $p_issue_id ) {return ( true );}It is also possible to customize the details included about an issues andthe presentation of such details. This can be done through the followingcustom function:<?php# --------------------# Prints one entry in the roadmap.function custom_function_override_roadmap_print_issue( $p_issue_id, $p_issue_level = 0 ) {$t_bug = bug_get( $p_issue_id );if( bug_is_resolved( $p_issue_id ) ) {$t_strike_start = '<strike>';$t_strike_end = '</strike>';} else {$t_strike_start = $t_strike_end = '';}if( $t_bug->category_id ) {$t_category_name = category_get_name( $t_bug->category_id );} else {$t_category_name = '';}$t_category = is_blank( $t_category_name ) ? '' : '<b>[' . $t_category_name . ']</b> ';echo str_pad( '', $p_issue_level * 6, ' ' ), '- ', $t_strike_start, string_get_bug_view_link( $p_issue_id ), ': ', $t_category, string_display_line_links( $t_bug->summary );if( $t_bug->handler_id != 0 ) {echo ' (', prepare_user_name( $t_bug->handler_id ), ')';}echo ' - ', get_enum_element( 'status', $t_bug->status ), $t_strike_end, '.<br />';}Some teams manage different branches for each of their projects (e.g.development and maintenance branches). As part of triaging the issue,they may decide that an issue should be targeted to multiple branches.Hence, frequently the request comes up to be able to target a singleissue to multiple releases. The current MantisBT approach is that anissues represents an implementation or a fix for an issue on a specificbranch. Since sometimes applying and verifying a fix to the two branchesdoes not happen at the same time and in some cases the approach forfixing an issue is different based on the branch. Hence, the way tomanage such scenario is to have the main issue for the initial fix andhave related issues which capture the work relating to applying the fixto other branches. The issues for porting the fix can contain anydiscussions relating to progress, reflect the appropriate status and cango through the standard workflow process independent of the originalissues.Another common requirement is to be able to link to the roadmap of aspecific project from the project's main website. There is a variety ofways to do that:*To link to the roadmap of version "ver1" of project "myproject":http://www.example.com/mantisbt/roadmap_page.php?project=myproject&version=ver1*To link to the roadmap of all non-obsolete versions of project'myproject':http://www.example.com/mantisbt/roadmap_page.php?project=myproject*To link to the roadmap of project with id 1. The project id can befigured out by going to the management page for the project andgetting the value of project_id field form the URL.http://www.example.com/mantisbt/roadmap_page.php?project_id=1*To link to the roadmap of version with id 1. The version id is uniqueacross all projects and hence in this case it is not necessary toinclude the project id/name. The version id can be figured out bygoing to the manage project page and editing the required version.The version_id will be included in the URL.http://www.example.com/mantisbt/roadmap_page.php?version_id=1Another approach is to go to the project page and from there users canget to multiple other locations relating to the project include theroadmap. This can be done by a URL like the following:http://www.example.com/mantisbt/project_page.php?project_id=1The access level required to view and modify the roadmap can beconfigured through $g_roadmap_view_threshold and$g_roadmap_update_threshold respectively. Modifying the roadmap is theability to set the target versions for issues. Users who have such accesscan set the target versions while reporting new issues or by updatingexisting issues.10.3. Time Tracking-------------------To activate the Time Tracking feature you have to set the configurationoption "time_tracking_enabled" to ON. To activating the Time Tracking youcan :*Static solution : change the variable '$g_time_tracking_enabled' inthe configuration file 'config_defaults_inc.php', this will changethe configuration for all the MantisBT instance ;*Dynamic and "project by project" solution : Use the administrationpage "Manage Configuration" and set the variable'time_tracking_enabled' to '1' for which user and which project ofyou choice.All Time Tracking configuration options are described in theconfiguration section off this guide.10.4. Graphs------------Assigned to me: TODORelease Delta: TODOCategory: TODOSeverity: TODOSeverity / Status: TODODaily Delta: TODOReported by Me: TODO10.5. Summary Page------------------By Status: TODOBy Severity: TODOBy Category: TODOTime Stats for Resolved Issues (days): TODODeveloper Status: TODOReporter by Resolution: TODODeveloper by Resolution: TODOBy Date: TODOMost Active: TODOLongest Open: TODOBy Resolution: TODOBy Priority: TODOReporter Status: TODOReporter Effectiveness: TODOChapter 11. Contributing to MantisBT====================================11.1. Talent and Time---------------------One of the greatest ways to contribute to MantisBT is to contribute yourtalent and time. For MantisBT to keep growing we need such support in allareas related to the software development cycle. This includes: businessanalysts, developers, web designers, graphics designers, technicalwriters, globalization developers, translators, testers, super users,packagers and active users. If you would like to contribute in any ofthese capacities please contact us through the "Contact Us" page.11.2. Recommend MantisBT to Others----------------------------------It feels great when we get feedback from the user community about howMantisBT boosted their productivity, and benefited their organization. Alot of the feedback I get is via email, some on mailing lists, and someon forums. I would encourage such users to blog about it, tell theirfriends about MantisBT, and recommend MantisBT to other organizations.MantisBT is driven by it's community, the greater the community, thegreater the ideas, the greater of a product it becomes.11.3. Blog about MantisBT-------------------------If you have a blog, then talk about MantisBT, review it's features andhelp us spread the word. A lot of users also like to blog about how theycustomized MantisBT to fit their needs or to integrate with other toolsthat they use in their work environment.11.4. Integrate with MantisBT-----------------------------If you have a product that can be integrated with MantisBT to providevalue for MantisBT users, that would be a great place to contribute andbenefit both your project's and the MantisBT community.A great example in this area are integrations with content managementsystems (e.g. *Nuke, Xoops), project management (PHPProjekt), andTestLink for Test Management. MantisBT can easily be integrated withprojects in any programming language whether it is hosted on the samewebserver or anywhere else in the world. This can be achieved through itsSOAP API and MantisConnect client libraries. MantisConnect comes withclient libraries and samples in languages like PHP, .NET, Java and Cocoa.Appendix A. Revision History============================Revision HistoryRevision 2.26-0Sun Oct 15 2023Damien RegadRelease 2.26.0Revision 2.25-0Mon Mar 8 2021Damien RegadRelease 2.25.0Revision 2.24-1Sun May 3 2020Victor BoctorRelease 2.24.1Revision 2.24-0Sun Mar 15 2020Victor BoctorRelease 2.24.0Revision 2.23-0Sun Dec 9 2019Victor BoctorRelease 2.23.0Revision 2.22-1Thu Sep 26 2019Victor BoctorRelease 2.22.1Revision 2.22-0Sun Aug 25 2019Victor BoctorRelease 2.22.0Revision 2.21-2Mon Aug 19 2019Victor BoctorRelease 2.21.2Revision 2.21-1Thu Jun 13 2019Victor BoctorRelease 2.21.1Revision 2.21-0Sat Apr 20 2019Victor BoctorRelease 2.21.0Revision 2.20-0Sat Mar 16 2019Victor BoctorRelease 2.20.0Revision 2.19-0Wed Jan 2 2019Victor BoctorRelease 2.19.0Revision 2.18-0Tue Oct 16 2018Victor BoctorRelease 2.18.0Revision 2.17-1Mon Sep 24 2018Victor BoctorRelease 2.17.1Revision 2.17-0Mon Sep 3 2018Victor BoctorRelease 2.17.0Revision 2.16-0Sun Jul 29 2018Victor BoctorRelease 2.16.0Revision 2.15-0Tue Jun 5 2018Victor BoctorRelease 2.15.0Revision 2.14-0Sun Apr 29 2018Victor BoctorRelease 2.14.0Revision 2.13-1Wed Apr 4 2018Victor BoctorRelease 2.13.1Revision 2.13-0Sun Apr 1 2018Victor BoctorRelease 2.13.0Revision 2.12-0Sat Mar 3 2018Victor BoctorRelease 2.12.0Revision 2.11-0Tue Feb 6 2018Victor BoctorRelease 2.11.0Revision 2.10-0Sat Dec 30 2017Victor BoctorRelease 2.10.0Revision 2.9-0Sun Dec 3 2017Victor BoctorRelease 2.9.0Revision 2.8-0Sat Oct 28 2017Victor BoctorRelease 2.8.0Revision 2.7-0Sun Oct 8 2017Victor BoctorRelease 2.7.0Revision 2.6-0Sun Sep 3 2017Victor BoctorRelease 2.6.0Revision 2.5-1Sat Jun 17 2017Victor BoctorRelease 2.5.1Revision 2.5-0Sun Jun 4 2017Victor BoctorRelease 2.5.0Revision 2.4-1Sat May 20 2017Victor BoctorRelease 2.4.1Revision 2.4-0Sun Apr 30 2017Victor BoctorRelease 2.4.0Revision 2.3-3Sun Apr 30 2017Victor BoctorRelease 2.3.2Revision 2.3-2Sun Apr 17 2017Victor BoctorRelease 2.3.1Revision 2.3-1Fri Mar 31 2017Victor BoctorRelease 2.3.0Revision 2.2-3Wed Mar 22 2017Damien RegadRelease 2.2.2Revision 2.2-2Sun Mar 12 2017Victor BoctorRelease 2.2.1Revision 2.2-1Sun Feb 26 2017Victor BoctorRelease 2.2.0Revision 2.1-2Sun Feb 26 2017Victor BoctorRelease 2.1.1Revision 2.1-1Tue Jan 31 2017Victor BoctorRelease 2.1.0Revision 2.0-2Fri Dec 30 2016Victor BoctorRelease 2.0.0Revision 2.0-1Sat Nov 26 2016Damien RegadRelease 2.0.0-rc.2