Fixed #17800 -- Prevented Django from starting without a SECRET_KEY, since that opens a variety of security problems. Thanks PaulM for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17611 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
d0f162c73c
commit
4557058083
|
@ -106,6 +106,9 @@ class Settings(BaseSettings):
|
||||||
setting_value = (setting_value,) # In case the user forgot the comma.
|
setting_value = (setting_value,) # In case the user forgot the comma.
|
||||||
setattr(self, setting, setting_value)
|
setattr(self, setting, setting_value)
|
||||||
|
|
||||||
|
if not self.SECRET_KEY:
|
||||||
|
raise ValueError("The SECRET_KEY setting mustn't be empty.")
|
||||||
|
|
||||||
if hasattr(time, 'tzset') and self.TIME_ZONE:
|
if hasattr(time, 'tzset') and self.TIME_ZONE:
|
||||||
# When we can, attempt to validate the timezone. If we can't find
|
# When we can, attempt to validate the timezone. If we can't find
|
||||||
# this file, no check happens and it's harmless.
|
# this file, no check happens and it's harmless.
|
||||||
|
|
Loading…
Reference in New Issue