Opened 6 years ago

Closed 6 years ago

#19563 closed Bug (duplicate)

SECRET_KEY ampersands get escaped on startproject

Reported by: Brandon Carl Owned by: nobody
Component: Core (Management commands) Version: 1.4
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


Just noticed this in 1.4.3. When you run: startproject foo

The resulting SECRET_KEY in foo/foo/ will have all ampersands escaped to "&"

To make it more obvious, edit django/core/management/commands/

        # Line 27
        # Create a random SECRET_KEY hash to put it in the main settings.
        # chars = 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)'
        chars = '&'

Then run the startproject command again and look at the resulting

$ ./ startproject foo
$ grep SECRET_KEY foo/foo/ 
SECRET_KEY = '&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&'

Change History (1)

comment:1 Changed 6 years ago by Florian Apolloner

Resolution: duplicate
Status: newclosed

Fixed in 1.5, see #18634

Note: See TracTickets for help on using tickets.
Back to Top