You MUST use this template when reporting issues. Please make sure you follow the checklist and fill in all of the information sections below.
All versions of django-smart-selects prior to version 1.2.8 are vulnerable to an XSS attack as detailed in issue 171. As a result, all previous versions have been removed from PyPI to prevent users from installing insecure versions. All users are urged to upgrade as soon as possible.
Checklist
Put an x in the bracket when you have completed each task, like this: [x]
[x] This issue is not about installing previous versions of django-smart-selects older than 1.2.8. I understand that previous versions are insecure and will not receive any support whatsoever.
[x] I have verified that that issue exists against the master branch of django-smart-selects.
[x] I have searched for similar issues in both open and closed tickets and cannot find a duplicate.
[x] I have debugged the issue to the smart_selects app.
[x] I have reduced the issue to the simplest possible case.
[x] I have included all relevant sections of models.py, forms.py, and views.py with problems.
Note: This is a subset of the warnings that are produced. I'll be opening other issues/PRs for the other deprecation warnings.
/path/to/django-smart_selects/widgets.py:7: RemovedInDjango20Warning: Importing from django.core.urlresolvers is deprecated in favor of django.urls.
from django.core.urlresolvers import reverse
/path/to/django-smart-selects/test_app/tests.py:1: RemovedInDjango20Warning: Importing from django.core.urlresolvers is deprecated in favor of django.urls.
from django.core.urlresolvers import reverse
smart_selects/widgets.py imports:
import json
import django
from django.apps import apps
from django.conf import settings
from django.core.urlresolvers import reverse # THIS SHOULD BE `from django.urls import reverse`
from django.forms.widgets import Select, SelectMultiple
from django.utils.safestring import mark_safe
from django.utils.encoding import force_text
from django.utils.html import escape
from smart_selects.utils import unicode_sorter, sort_results
from django.core.urlresolvers import reverse # THIS SHOULD BE `from django.urls import reverse`
from django.test import TestCase, RequestFactory
from .models import Book, Country, Location, Student
from smart_selects.views import filterchain, filterchain_all, is_m2m
Closing as this solution is a bit clunky (it's honestly better to just have the warning until django-smart-selects is supporting only Django 1.10+. Can re-open when that times comes, though.
You MUST use this template when reporting issues. Please make sure you follow the checklist and fill in all of the information sections below.
All versions of django-smart-selects prior to version 1.2.8 are vulnerable to an XSS attack as detailed in issue 171. As a result, all previous versions have been removed from PyPI to prevent users from installing insecure versions. All users are urged to upgrade as soon as possible.
Checklist
Put an
x
in the bracket when you have completed each task, like this:[x]
master
branch of django-smart-selects.smart_selects
app.models.py
,forms.py
, andviews.py
with problems.Steps to reproduce
test_app
.python -Wd manage.py test
.stdout
.Actual behavior
Note: This is a subset of the warnings that are produced. I'll be opening other issues/PRs for the other deprecation warnings.
smart_selects/widgets.py
imports:Source (this is the latest commit on
master
)test_app/tests.py
imports:Source
Reference in Django 1.10 release notes (4th item down)
Expected behavior
Shouldn't see any warnings.