You MUST use this template when reporting issues. Please make sure you follow the checklist and fill in all of the information sections below.
All versions of django-smart-selects prior to version 1.2.8 are vulnerable to an XSS attack as detailed in issue 171. As a result, all previous versions have been removed from PyPI to prevent users from installing insecure versions. All users are urged to upgrade as soon as possible.
Checklist
Put an x in the bracket when you have completed each task, like this: [x]
[x] This issue is not about installing previous versions of django-smart-selects older than 1.2.8. I understand that previous versions are insecure and will not receive any support whatsoever.
[x] I have verified that that issue exists against the master branch of django-smart-selects.
[x] I have searched for similar issues in both open and closed tickets and cannot find a duplicate.
[x] I have debugged the issue to the smart_selects app.
[x] I have reduced the issue to the simplest possible case.
[x] I have included all relevant sections of models.py, forms.py, and views.py with problems.
Note: This is a subset of the warnings that are produced. I'll be opening other issues/PRs for the other deprecation warnings.
/path/to/django-smart-selects/smart_selects/db_fields.py:121: RemovedInDjango20Warning: Usage of field.rel has been deprecated. Use field.remote_field instead.
'queryset': self.rel.to._default_manager.complex_filter(
/path/to/django-smart-selects/smart_selects/db_fields.py:122: RemovedInDjango20Warning: Usage of field.rel has been deprecated. Use field.remote_field instead.
self.rel.limit_choices_to),
/path/to/django-smart-selects/smart_selects/utils.py:33: RemovedInDjango20Warning: Usage of field.rel has been deprecated. Use field.remote_field instead.
limit_choices_to = field.rel.limit_choices_to
/path/to/smart_selects/db_fields.py:231: RemovedInDjango20Warning: Usage of field.rel has been deprecated. Use field.remote_field instead.
'queryset': self.rel.to._default_manager.complex_filter(
/path/to/django-smart-selects/smart_selects/db_fields.py:232: RemovedInDjango20Warning: Usage of field.rel has been deprecated. Use field.remote_field instead.
self.rel.limit_choices_to),
/path/to/django-smart-selects/smart_selects/db_fields.py:233: RemovedInDjango20Warning: Usage of field.rel has been deprecated. Use field.remote_field instead.
'to_field_name': self.rel.field_name,
/path/to/django-smart-selects/smart_selects/db_fields.py:277: RemovedInDjango20Warning: Usage of field.rel has been deprecated. Use field.remote_field instead.
'queryset': self.rel.to._default_manager.complex_filter(
/path/to/django-smart-selects/smart_selects/db_fields.py:278: RemovedInDjango20Warning: Usage of field.rel has been deprecated. Use field.remote_field instead.
self.rel.limit_choices_to),
/path/to/django-smart-selects/smart_selects/db_fields.py:279: RemovedInDjango20Warning: Usage of field.rel has been deprecated. Use field.remote_field instead.
'to_field_name': self.rel.field_name,
smart_selects/db_fields.py excerpts:
class ChainedManyToManyField(IntrospectiveFieldMixin, ManyToManyField):
...
def formfield(self, **kwargs):
...
defaults = {
'form_class': form_fields.ChainedManyToManyField,
'queryset': self.rel.to._default_manager.complex_filter( # THIS SHOULD BE `self.remote_field...`
self.rel.limit_choices_to), # THIS SHOULD BE `self.remote_field.limit_choices_to`
class ChainedForeignKey(IntrospectiveFieldMixin, ForeignKey):
...
def formfield(self, **kwargs):
...
defaults = {
'form_class': form_fields.ChainedModelChoiceField,
'queryset': self.rel.to._default_manager.complex_filter( # THIS SHOULD BE `self.remote_field...`
self.rel.limit_choices_to), # THIS SHOULD BE `self.remote_field.limit_choices_to`
'to_field_name': self.rel.field_name, # THIS SHOULD BE `self.remote_field.field_name`
class GroupedForeignKey(ForeignKey):
...
def formfield(self, **kwargs):
defaults = {
'form_class': form_fields.GroupedModelSelect,
'queryset': self.rel.to._default_manager.complex_filter( # SHOULD BE `self.remote_field...`
self.rel.limit_choices_to), # SHOULD BE `self.remote_field.limit_choices_to`
'to_field_name': self.rel.field_name, # SHOULD BE `self.remote_field.field_name`
def get_limit_choices_to(app_name, model_name, field_name):
try:
model = get_model(app_name, model_name)
field = model._meta.get_field(field_name)
limit_choices_to = field.rel.limit_choices_to # THIS SHOULD BE field.remote_field.limit_choices_to
You MUST use this template when reporting issues. Please make sure you follow the checklist and fill in all of the information sections below.
All versions of django-smart-selects prior to version 1.2.8 are vulnerable to an XSS attack as detailed in issue 171. As a result, all previous versions have been removed from PyPI to prevent users from installing insecure versions. All users are urged to upgrade as soon as possible.
Checklist
Put an
x
in the bracket when you have completed each task, like this:[x]
master
branch of django-smart-selects.smart_selects
app.models.py
,forms.py
, andviews.py
with problems.Steps to reproduce
test_app
.python -Wd manage.py test
.stdout
.Actual behavior
Note: This is a subset of the warnings that are produced. I'll be opening other issues/PRs for the other deprecation warnings.
smart_selects/db_fields.py
excerpts:Source
Source
Source
smart_selects/utils.py
excerpt:Source
Reference in Django 1.9 release notes
Expected behavior
Shouldn't see any warnings.