Do not create useless cart session accessing invoice address

Raphael Michel
2026-03-30 18:57:45 +02:00
parent a2cef22ea8
commit 4d15731528
2 changed files with 16 additions and 11 deletions


@@ -70,18 +70,21 @@ def cached_invoice_address(request):
# do not create a session, if we don't have a session we also don't have an invoice address ;) # do not create a session, if we don't have a session we also don't have an invoice address ;)
request._checkout_flow_invoice_address = InvoiceAddress() request._checkout_flow_invoice_address = InvoiceAddress()
return request._checkout_flow_invoice_address return request._checkout_flow_invoice_address
cs = cart_session(request) cs = cart_session(request, create=False)
iapk = cs.get('invoice_address') if cs is None:
if not iapk:
request._checkout_flow_invoice_address = InvoiceAddress() request._checkout_flow_invoice_address = InvoiceAddress()
else: else:
try: iapk = cs.get('invoice_address')
with scopes_disabled(): if not iapk:
request._checkout_flow_invoice_address = InvoiceAddress.objects.get(
pk=iapk, order__isnull=True
)
except InvoiceAddress.DoesNotExist:
request._checkout_flow_invoice_address = InvoiceAddress() request._checkout_flow_invoice_address = InvoiceAddress()
else:
try:
with scopes_disabled():
request._checkout_flow_invoice_address = InvoiceAddress.objects.get(
pk=iapk, order__isnull=True
)
except InvoiceAddress.DoesNotExist:
request._checkout_flow_invoice_address = InvoiceAddress()
return request._checkout_flow_invoice_address return request._checkout_flow_invoice_address
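Review bot: The new `cs is None` branch adds a third copy of the `request._checkout_flow_invoice_address = InvoiceAddress()` fallback and pushes the database lookup one level deeper. Writing `iapk = cs.get('invoice_address') if cs is not None else None` right after `cs = cart_session(request, create=False)` would leave the existing `if not iapk:` / `else:` structure untouched and keep the change to two lines. The `scopes_disabled()` lookup would also benefit from a short comment such as `# pk comes from the server-side cart session, not from request input`, if that is indeed why the unscoped query is acceptable here. The function begins above this hunk.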


@@ -417,7 +417,7 @@ def get_or_create_cart_id(request, create=True):
return new_id return new_id
def cart_session(request): def cart_session(request, create=True):
""" """
Before pretix 1.8.0, all checkout-related information (like the entered email address) was stored Before pretix 1.8.0, all checkout-related information (like the entered email address) was stored
in the user's regular session dictionary. This led to data interference and leaks for example if a in the user's regular session dictionary. This led to data interference and leaks for example if a
@@ -428,7 +428,9 @@ def cart_session(request):
active cart session sub-dictionary for read and write access. active cart session sub-dictionary for read and write access.
""" """
request.session.modified = True request.session.modified = True
cart_id = get_or_create_cart_id(request) cart_id = get_or_create_cart_id(request, create=create)
if not cart_id and not create:
return None
return request.session['carts'][cart_id] return request.session['carts'][cart_id]
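Review bot: On the `create=False` path, `request.session.modified = True` still runs before the `return None` guard, so a request that only looks up the invoice address is flagged as having written to the session. Assuming this is a standard Django session, that presumably still forces a save and a refreshed session cookie whenever the session is non-empty, which works against the goal of the commit; moving `request.session.modified = True` below the `if not cart_id and not create: return None` check avoids it. The docstring is also not updated: it should state that `create=False` returns `None` when no cart exists, since any caller that indexes the result would otherwise fail on `None`. The middle of the docstring lies between the two hunks and is not shown.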