Code

#19563 closed Bug (duplicate)

SECRET_KEY ampersands get escaped on startproject

Reported by: spleeyah Owned by: nobody
Component: Core (Management commands) Version: 1.4
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Just noticed this in 1.4.3. When you run:

django-admin.py startproject foo

The resulting SECRET_KEY in foo/foo/settings.py will have all ampersands escaped to "&"

To make it more obvious, edit django/core/management/commands/startproject.py:

        # Line 27
        # Create a random SECRET_KEY hash to put it in the main settings.
        # chars = 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)'
        chars = '&'

Then run the startproject command again and look at the resulting settings.py.

$ ./django-admin.py startproject foo
$ grep SECRET_KEY foo/foo/settings.py 
SECRET_KEY = '&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&'

Attachments (0)

Change History (1)

comment:1 Changed 18 months ago by apollo13

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Resolution set to duplicate
  • Status changed from new to closed

Fixed in 1.5, see #18634

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.