Status: PendingReview
Owner: trowb...@gmail.com
Labels: Type-Defect Priority-Medium Component-Admin Milestone-Release2.0
New issue 3341 by trowb...@gmail.com: 'Security Checklist' link gives http
500 due to permission problem
http://code.google.com/p/reviewboard/issues/detail?id=3341
The 'Security checklist' link on the admin page (which links to
/admin/security/) in 2.0 RC3 produces an http 500 error because it tries to
access media/uploaded/files/exec_check.php, which is disallowed via the
section in apache-wsgi.conf:
"Prevent the server from processing or allowing the rendering of certain
file types."
2014-05-14 04:20:36,301 - ERROR - - Exception thrown for user a_user at
https://example.com/admin/security/
[Errno 13] Permission
denied: '/var/www/example.com/htdocs/media/uploaded/files/exec_check.php'
Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/Django-1.6.4-py2.7.egg/django/core/handlers/base.py",
line 114, in get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/local/lib/python2.7/dist-packages/Django-1.6.4-py2.7.egg/django/contrib/admin/views/decorators.py",
line 17, in _checklogin
return view_func(request, *args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/ReviewBoard-2.0rc3-py2.7.egg/reviewboard/admin/views.py",
line 81, in security
results = runner.run()
File "/usr/local/lib/python2.7/dist-packages/ReviewBoard-2.0rc3-py2.7.egg/reviewboard/admin/security_checks.py",
line 203, in run
check.setUp()
File "/usr/local/lib/python2.7/dist-packages/ReviewBoard-2.0rc3-py2.7.egg/reviewboard/admin/security_checks.py",
line 99, in setUp
self.storage.save('exec_check' + ext, ContentFile(content))
File "/usr/local/lib/python2.7/dist-packages/Django-1.6.4-py2.7.egg/django/core/files/storage.py",
line 49, in save
name = self._save(name, content)
File "/usr/local/lib/python2.7/dist-packages/Django-1.6.4-py2.7.egg/django/core/files/storage.py",
line 199, in _save
fd = os.open(full_path, flags, 0o666)
OSError: [Errno 13] Permission
denied: '/var/www/example.com/htdocs/media/uploaded/files/exec_check.php'
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
You received this message because you are subscribed to the Google Groups
"reviewboard-issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to reviewboard-issues+unsubscr...@googlegroups.com.
To post to this group, send email to reviewboard-issues@googlegroups.com.
Visit this group at http://groups.google.com/group/reviewboard-issues.
For more options, visit https://groups.google.com/d/optout.