One feature of Quixote I like a lot is the ERROR_EMAIL setting - even
though I cringe whenever one of those "Quixote Traceback" messages shows up
in my mailbox.  Not that *my* code ever crashes, mind you....

This morning I had several of them - an unpleasant way to start the day
before coffee, even.  They all were:

Traceback (most recent call last):
  File "/usr/local/lib/python2.2/site-packages/quixote/publish.py", line 647, in
publish
    self.parse_request(request)
  File "/usr/local/lib/python2.2/site-packages/quixote/publish.py", line 213, in
parse_request
    request.process_inputs()
  File "/usr/local/lib/python2.2/site-packages/quixote/upload.py", line 328, in
process_inputs
    self.parse_body(file, boundary)
  File "/usr/local/lib/python2.2/site-packages/quixote/upload.py", line 297, in
parse_body
    done = self.handle_upload(name, filename, file, boundary)
  File "/usr/local/lib/python2.2/site-packages/quixote/upload.py", line 267, in
handle_upload
    raise ConfigError("upload_dir not set")
ConfigError: upload_dir not set

Note that it never got out of Quixote...*my* code still doesn't crash...:)

I've not set upload_dir because nothing anywhere in the site uses
uploads.  I don't see why I should accept them at all.  But I'd rather not
have the site crash - even in the face of what looks to me to be somebody
probing for some sort of vulnerability.  I would suggest that this
situation should raise an AccessError instead of ConfigError; anybody
disagree?

jon

Jonathan Corbet
Executive editor, LWN.net
corbet@lwn.net