3341: 'Security Checklist' link gives HTTP 500 due to permission problem

david
May 16, 2014
The 'Security checklist' link on the admin page (which links to /admin/security/) in 2.0 RC3 produces an HTTP 500 error because it tries to access media/uploaded/files/exec_check.php, which is disallowed via the section in apache-wsgi.conf:

"Prevent the server from processing or allowing the rendering of certain file types."

2014-05-14 04:20:36,301 - ERROR -  - Exception thrown for user a_user at https://example.com/admin/security/

[Errno 13] Permission denied: '/var/www/example.com/htdocs/media/uploaded/files/exec_check.php'
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/Django-1.6.4-py2.7.egg/django/core/handlers/base.py", line 114, in get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/usr/local/lib/python2.7/dist-packages/Django-1.6.4-py2.7.egg/django/contrib/admin/views/decorators.py", line 17, in _checklogin
    return view_func(request, *args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/ReviewBoard-2.0rc3-py2.7.egg/reviewboard/admin/views.py", line 81, in security
    results = runner.run()
  File "/usr/local/lib/python2.7/dist-packages/ReviewBoard-2.0rc3-py2.7.egg/reviewboard/admin/security_checks.py", line 203, in run
    check.setUp()
  File "/usr/local/lib/python2.7/dist-packages/ReviewBoard-2.0rc3-py2.7.egg/reviewboard/admin/security_checks.py", line 99, in setUp
    self.storage.save('exec_check' + ext, ContentFile(content))
  File "/usr/local/lib/python2.7/dist-packages/Django-1.6.4-py2.7.egg/django/core/files/storage.py", line 49, in save
    name = self._save(name, content)
  File "/usr/local/lib/python2.7/dist-packages/Django-1.6.4-py2.7.egg/django/core/files/storage.py", line 199, in _save
    fd = os.open(full_path, flags, 0o666)
OSError: [Errno 13] Permission denied: '/var/www/example.com/htdocs/media/uploaded/files/exec_check.php'
#1 david
Fixed in release-2.0.x (2aab84a). Thanks!
  • +Fixed