Re: Issue 3341 in reviewboard: 'Security Checklist' link gives http 500 due to permission problem

2014-05-16 Thread reviewboard 

Updates:
Status: Fixed

Comment #1 on issue 3341 by trowb...@gmail.com: 'Security Checklist' link  
gives http 500 due to permission problem

http://code.google.com/p/reviewboard/issues/detail?id=3341

Fixed in release-2.0.x (2aab84a). Thanks!

--
You received this message because this project is configured to send all  
issue notifications to this address.

You may adjust your notification preferences at:
https://code.google.com/hosting/settings

--
You received this message because you are subscribed to the Google Groups 
"reviewboard-issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to reviewboard-issues+unsubscr...@googlegroups.com.
To post to this group, send email to reviewboard-issues@googlegroups.com.
Visit this group at http://groups.google.com/group/reviewboard-issues.
For more options, visit https://groups.google.com/d/optout.

Issue 3341 in reviewboard: 'Security Checklist' link gives http 500 due to permission problem

2014-05-14 Thread reviewboard 

Status: PendingReview
Owner: trowb...@gmail.com
Labels: Type-Defect Priority-Medium Component-Admin Milestone-Release2.0

New issue 3341 by trowb...@gmail.com: 'Security Checklist' link gives http  
500 due to permission problem

http://code.google.com/p/reviewboard/issues/detail?id=3341

The 'Security checklist' link on the admin page (which links to  
/admin/security/) in 2.0 RC3 produces an http 500 error because it tries to  
access media/uploaded/files/exec_check.php, which is disallowed via the  
section in apache-wsgi.conf:


"Prevent the server from processing or allowing the rendering of certain  
file types."


2014-05-14 04:20:36,301 - ERROR -  - Exception thrown for user a_user at  
https://example.com/admin/security/


[Errno 13] Permission  
denied: '/var/www/example.com/htdocs/media/uploaded/files/exec_check.php'

Traceback (most recent call last):
   
File "/usr/local/lib/python2.7/dist-packages/Django-1.6.4-py2.7.egg/django/core/handlers/base.py",  
line 114, in get_response

response = wrapped_callback(request, *callback_args, **callback_kwargs)
   
File "/usr/local/lib/python2.7/dist-packages/Django-1.6.4-py2.7.egg/django/contrib/admin/views/decorators.py",  
line 17, in _checklogin

return view_func(request, *args, **kwargs)
   
File "/usr/local/lib/python2.7/dist-packages/ReviewBoard-2.0rc3-py2.7.egg/reviewboard/admin/views.py",  
line 81, in security

results = runner.run()
   
File "/usr/local/lib/python2.7/dist-packages/ReviewBoard-2.0rc3-py2.7.egg/reviewboard/admin/security_checks.py",  
line 203, in run

check.setUp()
   
File "/usr/local/lib/python2.7/dist-packages/ReviewBoard-2.0rc3-py2.7.egg/reviewboard/admin/security_checks.py",  
line 99, in setUp

self.storage.save('exec_check' + ext, ContentFile(content))
   
File "/usr/local/lib/python2.7/dist-packages/Django-1.6.4-py2.7.egg/django/core/files/storage.py",  
line 49, in save

name = self._save(name, content)
   
File "/usr/local/lib/python2.7/dist-packages/Django-1.6.4-py2.7.egg/django/core/files/storage.py",  
line 199, in _save

fd = os.open(full_path, flags, 0o666)
OSError: [Errno 13] Permission  
denied: '/var/www/example.com/htdocs/media/uploaded/files/exec_check.php'


--
You received this message because this project is configured to send all  
issue notifications to this address.

You may adjust your notification preferences at:
https://code.google.com/hosting/settings

--
You received this message because you are subscribed to the Google Groups 
"reviewboard-issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to reviewboard-issues+unsubscr...@googlegroups.com.
To post to this group, send email to reviewboard-issues@googlegroups.com.
Visit this group at http://groups.google.com/group/reviewboard-issues.
For more options, visit https://groups.google.com/d/optout.