CGM_Public/pretix_cgo
1
0
Fork 0
forked from CGM_Public/pretix_original
Code Pull Requests Actions Activity

Fix #1388 -- Prevent some words from occurring in order codes (#1422)

Browse Source 
* prevent some words from occurring in order codes

* Use regex to match against blacklist

* Prevent some words from occurring in voucher codes

* Rename blacklist to banlist
This commit is contained in:
Sohalt
2019-10-08 14:28:51 +02:00
committed by Raphael Michel
parent 9f7d5156cc
commit 05a1df244b
3 changed files with 89 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
src/pretix/base/banlist.py Normal file
View File

@@ -0,0 +1,80 @@
import re
# banlist based on http://www.bannedwordlist.com/lists/swearWords.txt
banlist = [
"anal",
"anus",
"arse",
"ass",
"balls",
"bastard",
"bitch",
"biatch",
"bloody",
"blowjob",
"bollock",
"bollok",
"boner",
"boob",
"bugger",
"bum",
"butt",
"clitoris",
"cock",
"coon",
"crap",
"cunt",
"damn",
"dick",
"dildo",
"dyke",
"fag",
"feck",
"fellate",
"fellatio",
"felching",
"fuck",
"fudgepacker",
"flange",
"goddamn",
"hell",
"homo",
"jerk",
"jizz",
"knobend",
"labia",
"lmao",
"lmfao",
"muff",
"nigger",
"nigga",
"omg",
"penis",
"piss",
"poop",
"prick",
"pube",
"pussy",
"queer",
"scrotum",
"sex",
"shit",
"sh1t",
"slut",
"smegma",
"spunk",
"tit",
"tosser",
"turd",
"twat",
"vagina",
"wank",
"whore",
"wtf"
]
blacklist_regex = re.compile('(' + '|'.join(banlist) + ')')
def banned(string):
return bool(blacklist_regex.search(string.lower()))

3
src/pretix/base/models/orders.py
View File

@@ -31,6 +31,7 @@ from django_scopes import ScopedManager, scopes_disabled
from i18nfield.strings import LazyI18nString from i18nfield.strings import LazyI18nString
from jsonfallback.fields import FallbackJSONField from jsonfallback.fields import FallbackJSONField
from pretix.base.banlist import banned
from pretix.base.decimal import round_decimal from pretix.base.decimal import round_decimal
from pretix.base.email import get_email_context from pretix.base.email import get_email_context
from pretix.base.i18n import language from pretix.base.i18n import language
@@ -538,6 +539,8 @@ class Order(LockModel, LoggedModel):
charset = list('ABCDEFGHJKLMNPQRSTUVWXYZ3789') charset = list('ABCDEFGHJKLMNPQRSTUVWXYZ3789')
while True: while True:
code = get_random_string(length=settings.ENTROPY['order_code'], allowed_chars=charset) code = get_random_string(length=settings.ENTROPY['order_code'], allowed_chars=charset)
if banned(code):
continue
if self.testmode: if self.testmode:
# Subtle way to recognize test orders while debugging: They all contain a 0 at the second place, # Subtle way to recognize test orders while debugging: They all contain a 0 at the second place,
# even though zeros are not used outside test mode. # even though zeros are not used outside test mode.

8
src/pretix/base/models/vouchers.py
View File

@@ -10,6 +10,7 @@ from django.utils.timezone import now
from django.utils.translation import pgettext_lazy, ugettext_lazy as _ from django.utils.translation import pgettext_lazy, ugettext_lazy as _
from django_scopes import ScopedManager, scopes_disabled from django_scopes import ScopedManager, scopes_disabled
from pretix.base.banlist import banned
from pretix.base.models import SeatCategoryMapping from pretix.base.models import SeatCategoryMapping
from ..decimal import round_decimal from ..decimal import round_decimal
@@ -21,9 +22,12 @@ from .orders import Order
def _generate_random_code(prefix=None): def _generate_random_code(prefix=None):
charset = list('ABCDEFGHKLMNPQRSTUVWXYZ23456789') charset = list('ABCDEFGHKLMNPQRSTUVWXYZ23456789')
rnd = None
while not rnd or banned(rnd):
rnd = get_random_string(length=settings.ENTROPY['voucher_code'], allowed_chars=charset)
if prefix: if prefix:
return prefix + get_random_string(length=settings.ENTROPY['voucher_code'], allowed_chars=charset) return prefix + rnd
return get_random_string(length=settings.ENTROPY['voucher_code'], allowed_chars=charset) return rnd
@scopes_disabled() @scopes_disabled()