URL to your installation as seen from the web browser; this is what you type into the URL field. Requires trailing '/' character. eg. 'https://www.example.com/mantisbt/'. MantisBT will default this to the correct value. However, in some cases it might be necessary to override the default. This is typically needed when an installation can be accessed by multiple URLs (internal vs external).

Short web path without the domain name. This requires the trailing '/'.

This is the absolute file system path to the MantisBT installation, it is defaulted to the directory where config_defaults_inc.php resides. Requires trailing '/' character (eg. '/usr/apache/htdocs/mantisbt/').

This is the path to the core directory of your installation. The default value is usually OK but it is recommended that you move the 'core' directory out of your webroot. Requires trailing DIRECTORY_SEPARATOR character.

This is the path to the classes directory which is a sub-directory of core by default. The default value is typically OK. Requires trailing DIRECTORY_SEPARATOR. character.

This is the path to the library directory of your installation. The default value is usually OK but it is recommended that you move the 'library' directory out of your webroot. Requires trailing DIRECTORY_SEPARATOR character.

This is the path to the language directory of your installation. The default value is usually OK but it is recommended that you move the 'language' directory out of your webroot. Requires trailing DIRECTORY_SEPARATOR character.

This is the url to the MantisBT online manual. Requires trailing '/' character.

Location where session files are stored. The default is false, meaning the session handler's default location will be used.

Use Session validation (defaults to ON)

Form security validation, defaults to ON. This protects against Cross-Site Request Forgery. Some proxy servers may not correctly work with this option enabled because they cache pages incorrectly.

An array of custom headers to be sent with each page.

For example, to allow your MantisBT installation to be viewed in a frame in IE6 when the frameset is not at the same hostname as the MantisBT install, you need to add a P3P header. You could try something like

$g_custom_headers = array( 'P3P: CP="CUR ADM"' );

in your config file, but make sure to check that your policy actually matches with what you are promising. See MSDN for more information.

Even though it is not recommended, you could also use this setting to disable previously sent headers. For example, assuming you didn't want to benefit from Content Security Policy (CSP), you could set:

$g_custom_headers = array( 'Content-Security-Policy:' );

This option contains the list of configuration options that are used to determine if it is allowed for a specific configuration option to be saved to or loaded from the database. Configuration options that are in the list are considered global only and hence are only configurable via the config_inc.php file and defaulted by config_defaults_inc.php file.

This option contains a list of configuration options that can be queried via SOAP API.

Amongst other things, MantisBT relies on Content Security Policy (CSP), which is a W3C candidate recommendation improving the system's security against cross-site scripting (XSS) and other, similar types of attacks. It is currently supported in recent versions of many browsers.

MantisBT currently does not provide any mechanism for plugins to notify the Core of 'safe' external domains. Because of that, even though it is not recommended for obvious security reasons, you may wish to disable CSP. You can do so by specifying a Custom Header in your config_inc.php file (see Section 5.4, “Webserver”).

Master salt value used for cryptographic hashing throughout MantisBT. This value must be kept secret at all costs. You must generate a unique and random salt value for each installation of MantisBT you control. The minimum length of this string must be at least 16 characters.

The value you select for this salt should be a long string generated using a secure random number generator. An example for Linux systems is:

cat /dev/urandom | head -c 64 | base64

Note that the number of bits of entropy per byte of output from /dev/urandom is not 8. If you're particularly paranoid and don't mind waiting a long time, you could use /dev/random to get much closer to 8 bits of entropy per byte. Moving the mouse (if possible) while generating entropy via /dev/random will greatly improve the speed at which /dev/random produces entropy.

This setting is blank by default. MantisBT will not operate in this state. Hence you are forced to change the value of this configuration option.

Allow users to signup for their own accounts.

If ON (default), then $g_send_reset_password must be ON as well, and mail settings must be correctly configured (see Section 5.8, “Email”).

Maximum number of failed login attempts before the user's account is locked. Once locked, it is required to reset the password (lost password). The counter is reset to zero after each successful login.

Default is set to 5, in order to prevent brute force attacks attempting to gain access to end users accounts. Set to OFF to disable this feature and allow unlimited failed login attempts.

The minimum global access level required to be notified when a new user registers via the "signup form". To pick specific access levels that are not necessarily at the higher end of access levels, use an array of access levels. Default is ADMINISTRATOR.

If ON (default), users will be sent their password when their account is created or password reset (this requires mail settings to be correctly configured).

If OFF, then the Administrator will have to provide a password when creating new accounts, and the password will be set to blank when reset.

TODO

TODO

TODO

TODO

The webmaster's e-mail address. This address is displayed in the bottom of all MantisBT pages. webmaster@example.com

The email address to be used as the source of all emails sent by MantisBT. noreply@example.com

The sender name of all emails sent by MantisBT. Mantis Bug Tracker

Email address to receive bounced emails.

Set to ON to enable email notifications, OFF to disable them. Default is ON. Note that disabling email notifications has no effect on emails generated as part of the user signup process. When set to OFF, the password reset feature is disabled. Additionally, notifications of administrators updating accounts are not sent to users.

When enabled, the email notifications will include the full issue with a hint about the change type at the top, rather than using dedicated notifications that are focused on what changed. This change can be overridden in the database per user. Default is OFF.

Associates a default notification flag with each action, to control who should be notified. The default will be used if the action is not defined in $g_notify_flags or if the flag is not included in the specific action definition.

The list of actions include: new, assigned, resolved, bugnote, reopened, closed, deleted, feedback.

The default is:

$g_default_notify_flags = array(
	'reporter'      => ON,
	'handler'       => ON,
	'monitor'       => ON,
	'bugnotes'      => ON,
	'category'      => ON,
	'explicit'      => ON,
	'threshold_min' => NOBODY,
	'threshold_max' => NOBODY
);

threshold_min and threshold_max are used to send messages to all members of the project whose status is

Sending messages to everyone would set threshold_min to ANYBODY and threshold_max to NOBODY. To send to all DEVELOPERS and above, use DEVELOPER and NOBODY respectively.

Defines the specific notification flags when they are different from the defaults defined in $g_default_notify_flags.

For example, the following code overrides the default by disabling notifications to bugnote authors and users monitoring the bug when submitting a new bug:

$g_notify_flags['new'] = array(
	'bugnotes' => OFF,
	'monitor' => OFF,
);

See Section 7.4, “Email Notifications” for further examples of customizing the notification flags.

Available actions include:

In addition, an action can match the bug status in $g_status_enum_string. Note that spaces in the string are replaced with underscores ('_') when creating the action. Thus, using the defaults, 'feedback' would be a valid action.

This defines whether users should receive emails for their own actions. This option is defaulted to OFF, hence, users do not receive email notification for their own actions. This can be a source for confusions for users upgrading from MantisBT 0.17.x versions, since in these versions users used to get notified of their own actions.

Determines whether email addresses are validated.

When ON (default), validation is performed using the pattern given by the HTML5 specification for email type form input elements. When OFF, validation is disabled.

Set to OFF to disable email checking. Default is OFF.

If ON, allows the user to omit an email address field. If you allow users to create their own accounts, they must specify an email at that point, no matter what the value of this option is. Otherwise they wouldn't get their passwords.

Administrators are able to bypass this check to enable them to create special accounts like anonymous access and other service accounts that don't need notifications.

Enable support for logging in by email and password, in addition to username and password. This will only work as long as there is a single user with the specified email address and the email address is not blank. The default value is OFF.

When enabled, the uniqueness of email addresses will be enforced for new users as well as updates to existing ones. Note that there can be duplicate emails before this option was turned ON. Default is ON.

Only allow and send email to addresses in the given domain(s). This is useful as a security feature and it is also useful in cases like Sourceforge where its servers are limited to only sending emails to SourceForge email addresses in order to avoid spam. $g_limit_email_domains = array( 'users.sourceforge.net', 'sourceforge.net' );

This specifies the access level that is needed to have user names hyperlinked with mailto: links. The default value is NOBODY, hence, even administrators won't have this feature enabled.

Select the method to send mail:

Default is PHPMAILER_METHOD_MAIL.

This option specifies the SMTP server to submit messages to. The SMTP server (MTA) then takes on the responsibility of delivering messages to their final destinations.

To use the local SMTP (if available) set this to 'localhost', otherwise use the fully qualified domain name of the remote SMTP server.

It can be either a single hostname, or multiple semicolon-delimited hostnames. You can specify for each host a port other than the default, using format: hostname:port (e.g. "smtp1.example.com:25;smtp2.example.com").

Hosts will be tried in the given order.

The default is 'localhost'.

The default SMTP port to use. This can be overridden individually for specific hosts. (see $g_smtp_host).

Typical SMTP ports are 25 and 587.

The default is 25.

Allow secure connection to the SMTP server. Valid values are:

SMTP Server Authentication user

Allows the use of SMTP Authentication when using a remote SMTP host.

Default is ''.

This is the password that is used in SMTP Authentication. Not used when $g_smtp_username = ''

Default is ''.

Duration (in days) to retry failed emails before deleting them from queue. Default 7 days.

Disables sending of emails as soon as an action is performed. Emails are instead queued and must be sent by running scripts/send_emails.php periodically. This script can only be executed from the CLI, not from the web interface, for security reasons.

Enabling this option can help with performance problems if large numbers of emails are generated or mail delivery is slow by not delaying page execution when sending emails.

Default is str_pad('', 70, '='); This means 70 equal signs.

Default is str_pad('', 70, '-'); This means 70 minus signs.

Default is 28.

Whether to show the MantisBT version at the bottom of each page or not. Default is OFF.

This is the language used by default in MantisBT. This may be set to 'auto' where MantisBT will try to determine the language from the browser.

This is to be set to an array of languages that are available for users to choose from. The default value includes all languages supported by MantisBT. The administrator can limit the languages available for users to choose from by overriding this value. For example, to support English, French and German include the following code:

$g_language_choices_arr = array( 'english', 'french', 'german' );

Of course, administrators can also add their own languages by translating the strings and creating their own language files. You are encouraged to share any translation work that you do with the MantisBT team. This will ensure that the newly created language file is maintained with future MantisBT releases.All language files reside in the lang/ folder. They are all named according to the following pattern: strings_<language>.txt.

This is the language used if MantisBT cannot determine the language from the browser. It defaults to 'english'.As of 0.19.0, this may be set to 'auto' where MantisBT will try to determine the language from the browser.

Name of the google font family for the browser to use. For all available fonts, see: fonts.google.com .

Google font family list offered to the user to chose from. Font files are fetched from google servers.

This is a small subset of $g_font_family_choices in which font files are part of MantisBT installation.

This is the browser window title (<TITLE> tag).

This is used as prefix to describe Browser Search entries, and must be short enough so that when inserted into the 'opensearch_XXX_short' language string, the resulting text is 16 characters or less, to be compliant with the limit for the ShortName element as defined in the OpenSearch specification .

Defaults to the value of $g_window_title.

Path to the favorites icon relative to MantisBT root folder This icon should be of image/x-icon MIME type, and its size 16x16 pixels. It is also used to decorate OpenSearch Browser search entries. (default 'images/favicon.ico').

Path to the logo image relative to MantisBT root folder (default 'images/mantis_logo.gif').

The default URL to be associated with the logo. By default this is set to $g_default_home_page (which defaults to My View page). Clicking on the logo from any page in the bug tracker will navigate to the URL specified in this configuration option.

This option specifies whether to add menu at the top of the page which includes links to all the projects. The default value is OFF.

When a bug is assigned then replace the word "assigned" with the name of the developer in parenthesis. Default is ON.

Specifies whether to show priority as text (ON) or icon (OFF) in the view all bugs page. Default is OFF (icon).

Define the priority level at which a bug becomes significant. Significant bugs are displayed with emphasis. Set this value to -1 to disable the feature. The default value is HIGH.

Define the severity level at which a bug becomes significant. Significant bugs are displayed with emphasis. Set this value to -1 to disable the feature. The default value is MAJOR.

This configuration option is used to select the columns to be included in the View Issues page and in which order. If one of the column is not accessible to the logged in user, or corresponds to a disabled feature, then it will be automatically removed from the list at runtime. Hence, the same column list may show a different set of columns based on the logged in user, the currently selected project and enabled features (e.g. sponsorship_total is only shown if the sponsorship feature is enabled).

The supported columns are: selection, edit, id, project_id, reporter_id, handler_id, priority, reproducibility, projection, eta, resolution, fixed_in_version, view_state, os, os_build, build (for product build), platform, version, date_submitted, attachment_count, category, sponsorship_total, severity, status, last_updated, summary, bugnotes_count, description, steps_to_reproduce, additional_info. As for custom fields they can be referenced by adding a 'custom_' to their name (e.g. xyz would be custom_xyz).

By default the following columns are selected: selection, edit, priority, id, sponsorship_total, bugnotes_count, attachment_count, category_id, severity, status, last_updated, summary.

This configuration option is used to select the columns to be included in the Print Issues page and in which order. See $g_view_issues_page_columns for more details about the supported fields.

By default the following columns are selected: selection, priority, id, sponsorship_total, bugnotes_count, attachment_count, category_id, severity, status, last_updated, summary

This configuration option is used to select the columns to be included in the CSV export and in which order. See $g_view_issues_page_columns for more details about the supported fields.

By default the following columns are selected: id, project_id, reporter_id, handler_id, priority, severity, reproducibility, version, build, projection, category_id, date_submitted, eta, os, os_build, platform, view_state, last_updated, summary, status, resolution, fixed_in_version, duplicate_id.

This configuration option is used to select the columns to be included in the Excel export and in which order. See $g_view_issues_page_columns for more details about the supported fields.

By default the following columns are selected: id, project_id, reporter_id, handler_id, priority, severity, reproducibility, version, build, projection, category_id, date_submitted, eta, os, os_build, platform, view_state, last_updated, summary, status, resolution, fixed_in_version, duplicate_id.

Show project links when in All Projects mode. Default is ON.

This controls display of the product version in the report, view, update and print issue pages. This flag also applies to other product version related fields like product build, fixed in version, and target version. Valid values are ON, OFF, and AUTO. ON for always displayed, AUTO for displayed when project has versions defined, and OFF for always OFF. The default value is AUTO.

The access level threshold at which users will see the date of release for product versions. Dates will be shown next to the product version, target version and fixed in version fields. Set this threshold to NOBODY to disable the feature. Default value is NOBODY.

This control will replace the user's userid with their realname. If it is set to ON, and the real name field has been populated, the replacement will occur. It defaults to OFF.

Show the users' avatar

In addition to enabling this configuration option it is necessary to install an avatar plugin like the Gravatar plugin which is bundled out of the box.

The threshold of users for which MantisBT should show the avatar (default DEVELOPER). Note that the threshold is related to the user for whom the avatar is being shown, rather than the user who is currently logged in.

Time for long lived cookie to live in seconds. It is also used as the default for permanent logins if $g_allow_permanent_cookie is enabled and selected. Default is 1 year.

Allow users to opt for a 'permanent' cookie when logging in. Controls the display of the 'Remember my login in this browser' checkbox on the login page. See $g_cookie_time_length.

Time to delay between page redirects (in seconds). Users can override this setting in their user preferences. Default is 2 seconds.

This timeout is used by pages which does time consuming operations like upgrading the database. The default value of 0 disables timeout. Note that this timeout is specified in seconds.

This format is used in the bug listing pages (eg: View Bugs). Default is Y-m-d.

This format is used in the view/update bug pages, bug notes, manage section, and news section. Default is Y-m-d H:i.

This format is used on the top of each page (current time) and the emails that are sent out. Default is Y-m-d H:i T.

This format is used with the datetime picker widget. Default is Y-MM-DD HH:mm.

Default timezone to use in MantisBT. This configuration is normally initialized when installing Mantis. It should be set to one of the values specified in the List of Supported Timezones.

If this config is left blank, the timezone will be initialized by calling function date_default_timezone_get(), which will fall back to UTC if unable to determine the timezone.

Correct configuration of this variable can be confirmed by running the administration checks. Users can override the default timezone under user their preferences.

Indicates whether the news feature should be enabled or disabled. The default is OFF. The news feature is deprecated in favor of being moved to a plugin.

Limit the news entry that are displayed by number of entries (BY_LIMIT) or by date (BY_DATE). The default is BY_LIMIT.

The limit for the number of news entries to be displayed. This option is only used if $g_news_limit_method is set to BY_LIMIT.

Specifies the number of dates after which the news are not displayed. This option is only used if $g_news_limit_method is set to BY_DATE.

Specifies the access level required to view private news. The default is DEVELOPER.

This is the default access level users are given when their account is created by email. The default access level is REPORTER. Look in constant_inc.php for other values.

The default viewing status for new projects (VS_PUBLIC or VS_PRIVATE). The default is VS_PUBLIC.

Default value for bug description field used on bug report page. Default is empty description.

Default value for bug additional info field used on bug report page. Default is empty.

Default value for bug steps to reproduce field used on bug report page. Default is empty.

The default viewing status for the new bug (VS_PUBLIC or VS_PRIVATE). The default is VS_PUBLIC.

The default viewing status for the new bugnote (VS_PUBLIC or VS_PRIVATE). The default is VS_PUBLIC.

Threshold for viewing timeline information. Use NOBODY to turn it off. If the timeline is turned off, the other widgets are displayed in a two column view. The default is VIEWER.

The default viewing status for the new reminders (VS_PUBLIC or VS_PRIVATE). The default is VS_PUBLIC.

The minimum access level for a user to show up in the reminder user picker. Note that this is the access level for the project for which the issue belongs. The default is DEVELOPER.

The resolution for a newly created issue. The default is OPEN. Look in constant_inc.php for other values.

The severity for a newly created issue. The default is MINOR. Look in constant_inc.php for other values.

The priority for a newly created issue. The default is NORMAL. Look in constant_inc.php for other values.

The reproducibility for a newly created issue. The default is REPRODUCIBILITY_HAVENOTTRIED. Look in constant_inc.php for other values.

The projection for a newly created issue. The default is PROJECTION_NONE. Look in constant_inc.php for other values.

The ETA for a newly created issue. The default is ETA_NONE. Look in constant_inc.php for other values.

Default global category to be used when an issue is moved from a project to another that doesn't have a category with a matching name. The default is 1 which is the "General" category that is created in the default database.

Number of bugs to show in the View Bugs page. The default value is 50.

Highlight bugs that have changed during the last N hours. The default value is 6.

Controls which issues will be displayed in the View Issues page. Default value is CLOSED, implying that all issues at "closed" or higher state will not be shown.

This is the delay between automatic refreshes of the View Issues page in minutes. Make sure refresh delay in user preferences isn't too short. If a users set their preferences to be lower then it is bumped back up to this minimum value. The default value is 10 minutes.

Default page refresh delay (in minutes). This is for the bug listing pages. Default value is 30 minutes.

Default delay before a user is redirected to a page after being prompted by a message (eg: operational successful). Default value is 2 seconds.

This controls the time order in which bug notes are displayed. It can be either ASC (oldest first, the default) or DESC (newest first).

Default user preferences to enable receiving emails when a bug is set to the corresponding status. This option only has an effect if users have the required access level to receive such emails. Default value is ON.

Default user preferences to enable receiving emails when bugs are re-opened. Default value is ON.

Default user preferences to enable receiving emails when bugnotes are added to bugs. Default value is ON.

Default user preferences to enable receiving emails when status is changed. Default is OFF.

Default user preferences to enable receiving emails when priority is changed. Default is OFF.

Default user preferences to enable filtering based on issue severity. These correspond to the email_on_<status> settings. Default is 'any'.

Default user preference to enable filtering based on issue severity. These corresponds to the email_on_bugnote setting. Default is 'any'.

Default user preference to enable filtering based on issue severity. These corresponds to the email_on_status settings. Default is 'any'.

Default user preferences to enable filtering based on issue severity. These corresponds to the email_on_priority settings. Default is 'any'.

Limit how many reporters to show in the summary page. This is useful when there are dozens or hundreds of reporters. The default value is 10.

An array of date lengths to count bugs by (in days) for the summary by date. The default is to count for 1, 2, 3, 7, 30, 60, 90, 180, and 365.

Specifies whether category names should be preceded by project names (eg: [Project] Category) when the summary page is viewed for all projects. This is useful in the case where category names are common across projects. The default is OFF.

Specifies the access level required to view the summary page. Default is MANAGER.

An array of multipliers which are used to determine the effectiveness of reporters based on the severity of bugs. Higher multipliers will result in an increase in reporter effectiveness. The default multipliers are:

$g_severity_multipliers = array ( FEATURE => 1,
                                  TRIVIAL => 2,
                                  TEXT => 3,
                                  TWEAK => 2,
                                  MINOR => 5,
                                  MAJOR => 8,
                                  CRASH => 8,
                                  BLOCK => 10 );

The keys of the array are severity constants from constant_inc.php or from custom_constants_inc.php if you have custom severities defined. The values are integers, typically in the range of 0 to 10. If you would like for a severity to not count towards effectiveness, set the value to 0 for that severity.

An array of multipliers which are used to determine the effectiveness of reporters based on the resolution of bugs. Higher multipliers will result in a decrease in reporter effectiveness. The only resolutions that need to be defined here are those which match or exceed $g_bug_resolution_not_fixed_threshold. The default multipliers are:

$g_resolution_multipliers = array( UNABLE_TO_REPRODUCE => 2,
                                   NOT_FIXABLE => 1,
                                   DUPLICATE => 3,
                                   NOT_A_BUG => 5,
                                   SUSPENDED => 1,
                                   WONT_FIX => 1 );

The keys of the array are resolution constants from constant_inc.php or from custom_constants_inc.php if you have custom resolutions defined. Resolutions not included here will be assumed to have a multiplier value of 0. The values are integers, typically in the range of 0 to 10. If you would like for a resolution to not count towards effectiveness, set the value to 0 for that resolution or remove it from the array completely. Note that these resolution multipliers are stacked on top of the severity multipliers. Therefore by default, a user reporting many duplicate bugs at severity level BLOCK will be far worse off than a user reporting many duplicate bugs at severity level FEATURE.

Order to use for sorting bugnotes by submit date. Possible values include ASC for ascending and DESC for descending order. The default value is ASC.

Whether to allow/disallow uploading of attachments. Default value is ON.

Specify the location for uploading attachments. In case of DISK methods you need to provide the webserver with write access rights to the configured upload path (configured in the project) and temporary upload path (used by PHP).

Values: DISK or DATABASE

Default: DATABASE

Whether to enable/disable drag and drop zone for uploading of attachments. Default value is ON.

Maximum number of files that can be uploaded simultaneously. Default value is 10.

Maximum file size that can be uploaded. Default value is about 5 MiB. The maximum size is also affected by the PHP options post_max_size (default 8 MiB), upload_max_filesize (default 2 MiB) and memory_limit (default 128 MiB) specified in php.ini.

Authorized file types (whitelist).

If $g_allowed_files is filled in, NO other file types will be allowed. If empty, any extensions not specifically excluded by $g_disallowed_files list will be authorized ($g_disallowed_files takes precedence over $g_allowed_files). Separate items by commas, e.g. 'bmp,gif,jpg,png,txt,zip'.

Forbidden file types (blacklist).

All file extensions in this list will be unauthorized. Separate items by commas, e.g. 'php,html,java,exe,pl,svg'.

This limit applies to previewing of image / text attachments. If the attachment size is smaller than the specified value, the attachment is previewed with the issue details. The previewing can be disabled by setting this configuration to 0. The default value is 256 * 1024 (256KB).

An array of file extensions (not including dots) for text files that can be previewed inline.

An array of file extensions (not including dots) for image files that can be previewed inline.

Specify the filename of the magic database file. This is used by PHP to guess what the MIME type of a file is. Usually it is safe to leave this setting as the default (blank) as PHP is usually able to find this file by itself.

Enable support for sending files to users via a more efficient X-Sendfile method. HTTP server software supporting this technique includes Lighttpd, Cherokee, Apache with mod_xsendfile and nginx. You may need to set the proceeding file_download_xsendfile_header_name option to suit the server you are using.

The name of the X-Sendfile header to use. Each server tends to implement this functionality in a slightly different way and thus the naming conventions for the header differ between each server. Lighttpd from v1.5, Apache with mod_xsendfile and Cherokee web servers use X-Sendfile. nginx uses X-Accel-Redirect and Lighttpd v1.4 uses X-LIGHTTPD-send-file.

This flag controls whether www URLs and email addresses are automatically converted into clickable links as well as where the www links open when clicked. The options are:

Default is LINKS_SAME_WINDOW.

This is the list of HTML tags that are allowed.Do NOT include href or img tags here.Do NOT include tags that have parameters (eg. )The HTML code is allowed to enter the database as is. The $g_allow_href_tags does not have to be enabled to make URL links. The package will automatically hyperlink properly formatted URLs eg. https://blah.blah/ or mailto://me@more.com/

Specifies a file to be included at the bottom of each page. It can be used e.g. for company branding, to include Google Analytics script, etc.

Specifies a file to be included at the top of each page. It can be used e.g. for company branding.

If a file is supplied, the logo specified by $g_logo_image (see Section 5.11, “Display”) will not be shown, and the include file will have to handle display of the logo. To do so you can use the html_print_logo() API function, which will display the logo with an URL link if one has been specified in $g_logo_url

Example top include PHP file with logo and centered page title:

<div id="banner" style="display: flex; align-items: center;">
	<div style="width: 10%;">
		<?php html_print_logo(); ?>
	</div>

	<div class="center">
		<span class="pagetitle">
			<?php global $g_window_title; echo $g_window_title; ?>
		</span>
	</div>

	<div style="width: 10%;">
	</div>
</div>

Set this to point to the CSS file of your choice.

Set this to point to the RTL CSS file of your choice.

A flag that indicates whether to use CDN (content delivery networks) for loading javascript libraries and their associated CSS. This improves performance for loading MantisBT pages. This can be disabled if it is desired that MantisBT doesn't reach out outside corporate network. Default OFF.

This option will add custom options to the main menu. It is an array of arrays listing the caption, access level required, and the link to be executed. For example:

$g_main_menu_custom_options = array(
    array( 
        'title'        => 'My Link',
        'access_level' => MANAGER,
        'url'          => 'my_link.php',
        'icon'         => 'fa-plug'
    ),
    array( 
        'title'        => 'My Link2',
        'access_level' => ADMINISTRATOR,
        'url'          => 'my_link2.php',
        'icon'         => 'fa-plug'
    )
);

Note that if the caption is found in custom_strings_inc.php (see Section 7.1, “Strings / Translations”), it will be replaced by the corresponding translated string. Options will only be added to the menu if the current logged in user has the appropriate access level.

Use icons from Font Awesome. Add "fa-" prefix to icon name.

Access level is an optional field, and no check will be done if it is not set. Icon is an optional field, and 'fa-plug' will be used if it is not set.

Status to assign to the bug when submitted. Default value is NEW_.

Status to assign to the bug when assigned. Default value is ASSIGNED.

Status to assign to the bug when reopened. Default value is FEEDBACK.

Status to assign to the bug when feedback is required from the issue reporter. Once the reporter adds a note the status moves back from feedback to $g_bug_assigned_status or $g_bug_submit_status based on whether the bug assigned or not.

When a note is added to a bug currently in $g_bug_feedback_status, and the note author is the bug's reporter, this option will automatically set the bug status to $g_bug_submit_status or $g_bug_assigned_status if the bug is assigned to a developer. Default value is ON.

Default resolution to assign to a bug when it is resolved as being a duplicate of another issue. Default value is DUPLICATE.

Resolution to assign to the bug when reopened. Default value is REOPENED.

Automatically set status to $g_bug_assigned_status whenever a bug is assigned to a person. Installations where assigned status is to be used when the defect is in progress, rather than just put in a person's queue should set it to OFF. Default is ON. For the status change to be effective, these conditions must be met:

If the conditions are not met, the assignment is still made, but status will not be modified.

Bug is resolved, ready to be closed or reopened. In some custom installations a bug maybe considered as resolved when it is moved to a custom (FIXED OR TESTED) status.

Threshold resolution which denotes that a bug has been resolved and successfully fixed by developers. Resolutions above and including this threshold and below $g_bug_resolution_not_fixed_threshold are considered to be resolved successfully. Default value is FIXED.

Threshold resolution which denotes that a bug has been resolved without being successfully fixed by developers. Resolutions above this threshold are considered to be resolved in an unsuccessful way. Default value is UNABLE_TO_REPRODUCE.

Bug becomes readonly if its status is >= $g_bug_readonly_status_threshold. The bug becomes read/write again if re-opened and its status becomes less than this threshold. The default is RESOLVED. Once the bug becomes readonly, a user with an access level greater than or equal to $g_update_readonly_bug_threshold can still edit the bug.

'status_enum_workflow' defines the workflow, and reflects a simple 2-dimensional matrix. For each existing status, you define which statuses you can go to from that status, e.g. from NEW_ you might list statuses '10:new,20:feedback,30:acknowledged' but not higher ones.The default is no workflow, where all states are accessible from any others.

This is the access level required to open a bug. The default is REPORTER.

This is the access level generally required to update the content of a bug. The default is UPDATER.

This is the access level generally required to be access level needed to be listed in the assign to field. The default is DEVELOPER. If a more restrictive setting can be determined from $g_set_status_threshold, it will be used.

These settings control the access level required to promote a bug to a new status once the bug is opened.$g_set_status_threshold is an array indexed by the status value that allows a distinct setting for each status. It defaults to blank.If the appropriate status is not defined above, $g_update_bug_status_threshold is used instead. The default is DEVELOPER.

Threshold at which a user can edit his/her own bugnotes. The default value is equal to the configuration setting $g_update_bugnote_threshold.

Threshold at which a user can delete his/her own bugnotes. The default value is equal to the configuration setting $g_delete_bugnote_threshold.

Threshold at which a user can change the view status of his/her own bugnotes. The default value is equal to the configuration setting $g_change_view_status_threshold.

If set, the bug reporter is allowed to close their own bugs, regardless of their access level. The default is OFF.

If set, the bug reporter is allowed to reopen their own bugs once resolved, regardless of their access level. This allows the reporter to disagree with the resolution. The default is ON.

If set, no check is performed on the status of a bug's children, which allows the parent to be closed whether or not the children have been resolved. The default is OFF.

Show custom fields in the filter dialog and use these in filtering. Defaults to ON.

The number of filter fields to display per row. The default is 8.

Controls the display of the filter pages. Possible values are:

This switch enables the use of AJAX to dynamically load and create filter form controls upon request. This method will reduce the amount of data that needs to be transferred upon each page load dealing with filters and thus will result in speed improvements and bandwidth reduction.

The threshold required for users to be able to create permalinks (default DEVELOPER). To turn this feature off use NOBODY.

The service to use to create a short URL. The %s will be replaced by the long URL. By default https://www.tinyurl service is used to shorten URLs.

The regular expression to use when validating new user login names. The default regular expression allows a-z, A-Z, 0-9, +, -, dot, space and underscore. If you change this, you may want to update the ERROR_USER_NAME_INVALID string in the language files to explain the rules you are using on your site.

See Wikipedia for more details about regular expressions. For testing regular expressions, use Rubular.

Access level needed to monitor issues. The default value is REPORTER.

Access level needed to show the list of users monitoring an issue. The default value is DEVELOPER.

Access level needed to add other users to the list of users monitoring an issue. The default value is DEVELOPER.

This setting should not be lower than $g_show_monitor_list_threshold.

Access level needed to delete other users from the list of users monitoring an issue. The default value is DEVELOPER.

This setting should not be lower than $g_show_monitor_list_threshold.

Allow reporters to close the bugs they reported.

Allow the specified access level and above to delete bugs.

Allow the specified access level and above to move bugs between projects.

Allow users to delete their own accounts.

Enable anonymous access to Mantis. You must also specify $g_anonymous_account as the account which anonymous users will browse Mantis with. The default setting is OFF.

Define the account which anonymous users will assume when using Mantis. This account is considered by Mantis to be protected from modification. In other words, this account can only be modified by users with an access level equal to or higher than $g_manage_user_threshold. Anonymous users will not be able to adjust preferences or change account settings like normal users can.

You will need to create a new account to use for this $g_anonymous_account setting. When creating the account you should specify a password, email address and so forth in the same way you'd create any other account. It is suggested that the access level for this account be set to VIEWER or some other read only level.

The anonymous user account will not receive standard notifications and can not monitor issues.

The default setting is blank/undefined. You only need to define this setting when $g_allow_anonymous_login is set to ON.

If a number follows this tag it will create a link to a bug. Default is '#'.

If a number follows this tag it will create a link to a bug note. Default is '~'.

Specifies whether to enable support for project documents or not. Default is OFF. This feature is deprecated and is expected to be moved to a plugin in the future.

Threshold at which a user is considered to be a site administrator. These users have the highest level of access to your Mantis installation. This access level is required to change key Mantis settings (such as server paths) and perform other administrative duties. You may need to change this value from the default of ADMINISTRATOR if you have defined a new access level to replace the default ADMINISTRATOR level in constant_inc.php.

The threshold required for users to be able to manage configuration of a project. This includes workflow, email notifications, columns to view, and others. Default is MANAGER.

Threshold for users to view the raw system configurations as stored in the database. The default value is ADMINISTRATOR.

Threshold for users to set the system configurations generically via MantisBT web interface. The default value is ADMINISTRATOR.

The separator to use for CSV exports. The default value is the comma (,).

When this setting is ON (default), any data that could be interpreted as a formula by a spreadsheet program such as Excel (i.e. starting with =, @, - or +), will be prefixed with a tab character (\t) in order to prevent CSV injection.

Sometimes this may not be appropriate (e.g. if the CSV needs to be consumed programmatically). In that case, $g_csv_injection_protection can be set to OFF, resulting in raw data to be exported.

Specifies the path under which a cookie is visible.

All scripts in this directory and its sub-directories will be able to access MantisBT cookies.

Default value is '/'. It is recommended to set this to the actual MantisBT path.

The domain that the MantisBT cookies are available to.

Prefix for all MantisBT cookies

This should be an identifier which does not include spaces or periods, and should be unique per MantisBT installation, especially if $g_cookie_path is not restricting the cookies' scope to the actual MantisBT directory.

It applies to the cookies listed below. Their actual names are calculated by prepending the prefix, and it is not expected for the user to need to change these.

This option is used to enable buffering/compression of HTML output if the user's browser supports it. Default value is ON. This option will be ignored in the following scenarios:

You can check the loaded modules in your PHP by running "php -m" on the command line, or by using php_info() command in a php script.

Use persistent database connections, setting this to ON will open the database once per connection, rather than once per page. There might be some scalability issues here and that is why it is defaulted to OFF.

Specifies if reminders should be stored as bugnotes. The bugnote will still reflect that it is a reminder and list the names of users that got it. Default is ON.

Specifies if users who receive reminders about a bug, should be automatically added to the monitor list of that bug. Default is ON.

Enables or disables the @ mentions feature. Default is ON. When a user is @ mentioned in an issue or a note, they receive an email notification to get their attention. Users can be @ mentioned using their username and not realname.

This feature works with fields like summary, description, additional info, steps to reproduce and notes.

The tag to use for prefixing mentions. Default is '@'.

Make the bug history visible by default. If this option is not enabled, then the user will have to click on the Bug History link to see the bug history. Default is ON.

Show bug history entries in ascending or descending order. Default value is 'ASC'.

Access level required to view bug history revisions. Defaults to DEVELOPER.

Access level required to drop bug history revisions. Defaults to MANAGER.

enable/disable the whole issue sponsorship feature. The default os OFF.

The currency string used for all sponsorships. The default is 'US$'.

The minimum sponsorship amount that can be entered. If the user enters a value less than this, an error will be flagged. The default is 5.

The access level threshold needed to view the total sponsorship for an issue by all users. The default is VIEWER.

The access level threshold needed to view the details of the sponsorship (i.e., who will donate what) for an issue by all users. The default is VIEWER.

The access level threshold needed to allow user to sponsor issues. The default is REPORTER. Note that sponsoring user must have their email set in their profile.

The access level required to be able to handle sponsored issues. The default is DEVELOPER.

The access level required to be able to assign a sponsored issue to a user with access level greater or equal to 'handle_sponsored_bugs_threshold'. The default is MANAGER.

Access level needed to manage custom fields. The default is ADMINISTRATOR.

Access level needed to link a custom field to a project. The default is MANAGER.

This flag determines whether to start editing a custom field immediately after creating it, or return to the definition list. The default is ON (edit the custom field after creating).

This is an array of values defining the order that the boxes to be shown. A box that is not to be shown can have its value set to 0. The default is:

$g_my_view_boxes = array(
	'assigned'      => '1',
	'unassigned'    => '2',
	'reported'      => '3',
	'resolved'      => '4',
	'recent_mod'    => '5',
	'monitored'     => '6',
	'feedback'      => '0',
	'verify'        => '0',
	'my_comments'   => '0'
);

If you want to change the definition, copy the default value and apply the changes.

Number of bugs shown in each box. The default is 10.

Default page to transfer to after Login or Set Project. The default is 'my_view_page.php'. An alternative would be 'view_all_bugs_page.php' or 'main_page.php'.

This enables the relationship graphs feature where issues are represented by nodes and relationships as links between such nodes. Possible values are ON or OFF. Default is OFF.

Font name and size, as required by Graphviz. If Graphviz fails to run for you, you are probably using a font name that gd PHP extension can't find. On Linux, try the name of the font file without the extension. The default value is 'Arial'.

Font size, default is 8.

Default dependency orientation. If you have issues with lots of children or parents, leave as 'horizontal', otherwise, if you have lots of "chained" issue dependencies, change to 'vertical'. Default is 'horizontal'.

Max depth for relation graphs. This only affects relationship graphs, dependency graphs are drawn to the full depth. The default value is 2.

If set to ON, clicking on an issue on the relationship graph will open the bug view page for that issue, otherwise, will navigate to the relationship graph for that issue.

The full path for the dot tool. The webserver must have execute permission to this program in order to generate relationship graphs. This configuration option is not relevant for Windows. The default value is '/usr/bin/dot'.

The full path for the neato tool. The webserver must have execute permission to this program in order to generate relationship graphs. This configuration option is not relevant for Windows. The default value is '/usr/bin/neato'.

Set to ON to enable Wiki integration. Defaults to OFF.

The following Wiki Engine values are supported:

Wiki namespace to be used as root for all pages relating to this MantisBT installation.

URL under which the wiki engine is hosted.

Must be on the same server as MantisBT, requires a trailing '/'.

If left empty (default), the URL is derived from the global MantisBT path ($g_path, see Section 5.3, “Path”), replacing the URL's path component by the wiki engine string (i.e. if $g_path = 'http://example.com/mantis/' and $g_wiki_engine = 'dokuwiki', the wiki URL will be 'http://example.com/dokuwiki/').

Whether sub-projects feature should be enabled. Before turning this flag OFF, make sure all sub-projects are moved to top level projects, otherwise they won't be accessible. The default value is ON.

Whether sub-projects should inherit versions from parent projects. For project X which is a sub-project of A and B, it will have versions from X, A and B. The default value is ON.

Whether sub-projects should inherit categories from parent projects. For project X which is a sub-project of A and B, it will have categories from X, A and B. The default value is ON.

Enable or disable usage of 'ETA' field. Default value is OFF.

Enable or disable usage of 'Projection' field. Default value is OFF.

Enable or disable usage of 'Product Build' field. Default is OFF.

An array of optional fields to show on the bug report page.

The following optional fields are allowed: additional_info, attachments, category_id, due_date, eta, handler, monitors, os, os_build, platform, priority, product_build, product_version, reproducibility, resolution, severity, status, steps_to_reproduce, tags, target_version, view_state.

The summary and description fields are always shown and do not need to be listed in this option. Fields not listed above cannot be shown on the bug report page. Visibility of custom fields is handled via the Manage => Manage Custom Fields administrator page.

Note that monitors is not an actual field; adding it to the list will let authorized reporters (see monitor_add_others_bug_threshold in Section 5.24, “Misc”) select users to add to the issue's monitoring list. Monitors will only be notified of the submission if both their e-mail preferencess and the notify_flags configuration (see Section 5.8, “Email”) allows it, i.e.

$g_notify_flags['new']['monitor'] = ON;

This setting can be set on a per-project basis by using the Manage => Manage Configuration administrator page.

An array of optional fields to show on the issue view page and other pages that include issue details.

The following optional fields are allowed: additional_info, attachments, category_id, date_submitted, description, due_date, eta, fixed_in_version, handler, id, last_updated, os, os_build, platform, priority, product_build, product_version, project, projection, reporter, reproducibility, resolution, severity, status, steps_to_reproduce, summary, tags, target_version, view_state.

Fields not listed above cannot be shown on the bug view page. Visibility of custom fields is handled via the Manage => Manage Custom Fields administrator page.

This setting can be set on a per-project basis by using the Manage => Manage Configuration administrator page.

An array of optional fields to show on the bug update page.

The following optional fields are allowed: additional_info, category_id, date_submitted, description, due_date, eta, fixed_in_version, handler, id, last_updated, os, os_build, platform, priority, product_build, product_version, project, projection, reporter, reproducibility, resolution, severity, status, steps_to_reproduce, summary, target_version, view_state.

Fields not listed above cannot be shown on the bug update page. Visibility of custom fields is handled via the Manage => Manage Custom Fields administrator page.

This setting can be set on a per-project basis by using the Manage => Manage Configuration administrator page.

Time page loads. The page execution timer shows at the bottom of each page.

Default is OFF.

Show memory usage for each page load in the footer.

Default is OFF.

Used for debugging e-mail notifications. When it is '', the emails are sent normally. If set to an e-mail address, all messages are sent to it, with the original recipients (To, Cc, Bcc) included in the message body.

Default is ''.

Shows the total number/unique number of queries executed to serve the page.

Default is OFF.

Errors Display Method. Defines what errors are displayed and how. Available options are:

The default settings are recommended for use in production, and will only display MantisBT fatal errors, suppressing output of all other error types.

Recommended config_inc.php settings for developers:

$g_display_errors = array(
	E_WARNING           => DISPLAY_ERROR_HALT,
	E_ALL               => DISPLAY_ERROR_INLINE,
);

Less intrusive settings, recommended for testing purposes:

$g_display_errors = array(
	E_USER_WARNING => DISPLAY_ERROR_INLINE,
	E_WARNING      => DISPLAY_ERROR_INLINE,
);

Shows a list of variables and their values whenever an error is triggered. Only applies to error types configured to DISPLAY_ERROR_HALT in $g_display_errors.

Default is OFF.

Debug messages. If this option is turned OFF, page redirects will function if a non-fatal error occurs. For debugging purposes, you can set this to ON so that any non-fatal error will prevent page redirection, allowing you to see the errors.

Default is OFF.

The system logging interface is used to extract detailed debugging information for the MantisBT system. It can also serve as an audit trail for users' actions.

This controls the type of logging information recorded. Refer to $g_log_destination for details on where to save the logs.

The available log channels are:

Default is LOG_NONE.

$g_log_level = LOG_EMAIL | LOG_EMAIL_RECIPIENT;

$g_log_level = LOG_ALL & ~LOG_DATABASE;

Specifies where the log data goes. The following five options are available:

Default is '' (empty string).

Indicates the access level required for a user to see the log output (if $g_log_destination is 'page').

Default is ADMINISTRATOR.

Turns Time Tracking features ON or OFF - Default is OFF

Allow time tracking to be recorded without writing some text in the associated bugnote - Default is ON

Adds calculation links to workout how much time has been spent between a particular time frame. Currently it will allow you to enter a cost/hour and will work out some billing information. This will become more extensive in the future. Currently it is more of a proof of concept.

Default billing rate per hour - Default is 0

Instead of a text field turning this option on places a stopwatch on the page with Start/Stop and Reset buttons next to it. A bit gimmicky, but who cares.

Access level required to view time tracking information - Default DEVELOPER.

Access level required to add/edit time tracking information (If you give a user $g_time_tracking_edit_threshold you must give them $g_time_tracking_view_threshold as well) - Default DEVELOPER.

Access level required to run reports (not completed yet) - Default MANAGER.

Minimum global access level required to access webservice for readonly operations.

Minimum global access level required to access webservice for read/write operations.

Minimum global access level required to access the administrator webservices.

Minimum project access level required for caller to be able to specify reporter when adding issues or issue notes. Defaults to DEVELOPER.

Whether the REST API is enabled or not. Note that this flag only impacts API Token based auth. Hence, even if the API is disabled, it can still be used from the Web UI using cookie based authentication. Default ON.

Max number of events to allow for users with default access level (see $g_default_new_account_access_level) when signup is enabled. Use 0 for no limit. Default is 10.

Time window to enforce max events within. Default is 3600 seconds (1 hour).

Threshold to update due date submitted. Default is NOBODY.

Threshold to see due date. Default is NOBODY.

Default due date value for newly submitted issues: Empty string for no due date set. Related date that is accepted by strtotime(), e.g. 'today' or '+2 days'. Default is ''.

Due date warning levels. A variable number of Levels (defined as a number of seconds going backwards from the current timestamp, compared to an issue's due date) can be defined. Levels must be defined in ascending order.

Out of the box, MantisBT allows for 3 warning levels. Additional ones may be defined, but in that case new due-N CSS rules (where N is the array's index) must be created otherwise the extra levels will not be highlighted in the UI.

The threshold for a user to be able to impersonate another user, or NOBODY to disable impersonation. Default ADMINISTRATOR.

The threshold for a user to manage user accounts. Default ADMINISTRATOR.

If a user submits a note with an attachments (with the specified # of seconds) the attachment is linked to the note. Or 0 for disabling this feature.