Fix the security checklist with super-locked-down webservers.

Review Request #5827 — Created May 14, 2014 and submitted

Information

Review Board
release-2.0.x
55afa2c...

Reviewers

Some web server configurations prevent uploading of files with suspicious types
(like .cgi, .php, etc). In this case, the security checklist would throw a 500
because it would fail to even save the file, much less fetch it.

I've rearranged things a little bit to catch OSError exceptions when saving
files and remove them from the list of things that we then test/delete.

Manually caused one of the file types to throw an OSError and saw that the
security checks still passed.

chipx86
  1. Seems fine, but if we can't upload a certain file type, then technically, doesn't it pass as secure? Maybe we should just catch that we can't upload it and go "Yep, you're fine here!"

    1. That's what this does. If we couldn't upload it, it removes it from the list of extensions that gets checked later.

    2. Oh okay, I misunderstood.

  2. 
      
chipx86
  1. Ship It!

  2. 
      
david
Review request changed
Status:
Completed
Change Summary:
Pushed to release-2.0.x (2aab84a)