Opened 12 years ago
Closed 12 years ago
#19563 closed Bug (duplicate)
SECRET_KEY ampersands get escaped on startproject
| Reported by: | Brandon Carl | Owned by: | nobody |
|---|---|---|---|
| Component: | Core (Management commands) | Version: | 1.4 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
Just noticed this in 1.4.3. When you run:
django-admin.py startproject foo
The resulting SECRET_KEY in foo/foo/settings.py will have all ampersands escaped to "&"
To make it more obvious, edit django/core/management/commands/startproject.py:
# Line 27
# Create a random SECRET_KEY hash to put it in the main settings.
# chars = 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)'
chars = '&'
Then run the startproject command again and look at the resulting settings.py.
$ ./django-admin.py startproject foo $ grep SECRET_KEY foo/foo/settings.py SECRET_KEY = '&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&'
Note:
See TracTickets
for help on using tickets.
Fixed in 1.5, see #18634