forked from CGM_Public/pretix_original
If the provided mail address has not ordered anything, there will still be a mail generated and sent to an invalid mail address, to avoid obvious timing attacks to determine active users.
This commit is contained in:
Tobias Kunze
committed by
Raphael Michel
Raphael Michel
parent
841cfe52a2
commit
7e19effe3c
@@ -11,6 +11,7 @@ from pretix.base.models import Event, Order
|
||||
from pretix.multidomain.urlreverse import build_absolute_uri
|
||||
|
||||
logger = logging.getLogger('pretix.base.mail')
|
||||
INVALID_ADDRESS = 'invalid-pretix-mail-address'
|
||||
|
||||
|
||||
class TolerantDict(dict):
|
||||
@@ -53,6 +54,9 @@ def mail(email: str, subject: str, template: str,
|
||||
:raises MailOrderException: on obvious, immediate failures. Not raising an exception does not necessarily mean
|
||||
that the email has been sent, just that it has been queued by the email backend.
|
||||
"""
|
||||
if email == INVALID_ADDRESS:
|
||||
return
|
||||
|
||||
with language(locale):
|
||||
if isinstance(template, LazyI18nString):
|
||||
body = str(template)
|
||||
|
||||
@@ -163,6 +163,18 @@ to your order for {event}.
|
||||
You can change your order details and view the status of your order at
|
||||
{url}
|
||||
|
||||
Best regards,
|
||||
Your {event} team"""))
|
||||
},
|
||||
'mail_text_resend_all_links': {
|
||||
'type': LazyI18nString,
|
||||
'default': LazyI18nString.from_gettext(ugettext_noop("""Hello,
|
||||
|
||||
somebody requested a list of your orders for {event}.
|
||||
The list is as follows:
|
||||
|
||||
{orders}
|
||||
|
||||
Best regards,
|
||||
Your {event} team"""))
|
||||
},
|
||||
|
||||
Reference in New Issue
Block a user