Status: PendingReview
Owner: trowb...@gmail.com
Labels: Type-Defect Priority-Medium Component-Admin Milestone-Release2.0

New issue 3341 by trowb...@gmail.com: 'Security Checklist' link gives http 500 due to permission problem
http://code.google.com/p/reviewboard/issues/detail?id=3341

The 'Security checklist' link on the admin page (which links to /admin/security/) in 2.0 RC3 produces an http 500 error because it tries to access media/uploaded/files/exec_check.php, which is disallowed via the section in apache-wsgi.conf:

"Prevent the server from processing or allowing the rendering of certain file types."

2014-05-14 04:20:36,301 - ERROR - - Exception thrown for user a_user at https://example.com/admin/security/

[Errno 13] Permission denied: '/var/www/example.com/htdocs/media/uploaded/files/exec_check.php'
Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/Django-1.6.4-py2.7.egg/django/core/handlers/base.py", line 114, in get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/local/lib/python2.7/dist-packages/Django-1.6.4-py2.7.egg/django/contrib/admin/views/decorators.py", line 17, in _checklogin
    return view_func(request, *args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/ReviewBoard-2.0rc3-py2.7.egg/reviewboard/admin/views.py", line 81, in security
    results = runner.run()
File "/usr/local/lib/python2.7/dist-packages/ReviewBoard-2.0rc3-py2.7.egg/reviewboard/admin/security_checks.py", line 203, in run
    check.setUp()
File "/usr/local/lib/python2.7/dist-packages/ReviewBoard-2.0rc3-py2.7.egg/reviewboard/admin/security_checks.py", line 99, in setUp
    self.storage.save('exec_check' + ext, ContentFile(content))
File "/usr/local/lib/python2.7/dist-packages/Django-1.6.4-py2.7.egg/django/core/files/storage.py", line 49, in save
    name = self._save(name, content)
File "/usr/local/lib/python2.7/dist-packages/Django-1.6.4-py2.7.egg/django/core/files/storage.py", line 199, in _save
    fd = os.open(full_path, flags, 0o666)
OSError: [Errno 13] Permission denied: '/var/www/example.com/htdocs/media/uploaded/files/exec_check.php'

--
You received this message because this project is configured to send all issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings

--
You received this message because you are subscribed to the Google Groups 
"reviewboard-issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to reviewboard-issues+unsubscr...@googlegroups.com.
To post to this group, send email to reviewboard-issues@googlegroups.com.
Visit this group at http://groups.google.com/group/reviewboard-issues.
For more options, visit https://groups.google.com/d/optout.

Reply via email to