Opened 4 years ago

Closed 4 years ago

#19563 closed Bug (duplicate)

SECRET_KEY ampersands get escaped on startproject

Reported by: Brandon Carl Owned by: nobody
Component: Core (Management commands) Version: 1.4
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Just noticed this in 1.4.3. When you run:

django-admin.py startproject foo

The resulting SECRET_KEY in foo/foo/settings.py will have all ampersands escaped to "&"

To make it more obvious, edit django/core/management/commands/startproject.py:

        # Line 27
        # Create a random SECRET_KEY hash to put it in the main settings.
        # chars = 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)'
        chars = '&'

Then run the startproject command again and look at the resulting settings.py.

$ ./django-admin.py startproject foo
$ grep SECRET_KEY foo/foo/settings.py 
SECRET_KEY = '&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&'

Change History (1)

comment:1 Changed 4 years ago by Florian Apolloner

Needs documentation: unset
Needs tests: unset
Patch needs improvement: unset
Resolution: duplicate
Status: newclosed

Fixed in 1.5, see #18634

Note: See TracTickets for help on using tickets.
Back to Top