CGM_Public/pretix_cgo
1
0
Fork 0
forked from CGM_Public/pretix_original
Code Pull Requests Actions Activity

[SECURITY] Tokens for downloading answer attachments

Browse Source
This commit is contained in:
Raphael Michel
2017-08-20 16:59:45 +02:00
parent 5c91352bae
commit 1a42a54d98
10 changed files with 132 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/pretix/presale/templates/pretixpresale/event/fragment_cart.html
View File

@@ -1,5 +1,6 @@
{% load i18n %}
{% load eventurl %}
{% load safelink %}
{% for line in cart.positions %}
<div class="row cart-row {% if download and line.item.admission|default:event.settings.ticket_download_nonadm %}has-downloads{% endif %}">
<div class="product">
@@ -33,7 +34,10 @@
<dd>
{% if q.answer %}
{% if q.answer.file %}
<span class="fa fa-file"></span> {{ q.answer.file_link }}
<span class="fa fa-file"></span>
<a href="{{ q.answer.frontend_file_url }}?token={% answer_token request q.answer %}">
{{ q.answer.file_name }}
</a>
{% else %}
{{ q.answer|linebreaksbr }}
{% endif %}