Check-in list PDF: Escape HTML tags in names

Raphael Michel
2022-01-03 12:41:37 +01:00
parent e74d9e56cf
commit d4a2500204

@@ -35,6 +35,7 @@
from collections import OrderedDict from collections import OrderedDict
from datetime import datetime, time, timedelta from datetime import datetime, time, timedelta
import bleach
import dateutil.parser import dateutil.parser
from django import forms from django import forms
from django.db.models import ( from django.db.models import (
@@ -374,8 +375,8 @@ class PDFCheckinList(ReportlabExportMixin, CheckInListMixin, BaseExporter):
CBFlowable(bool(op.last_checked_in)), CBFlowable(bool(op.last_checked_in)),
'' if op.order.status != Order.STATUS_PAID else '', '' if op.order.status != Order.STATUS_PAID else '',
op.order.code, op.order.code,
Paragraph(name, self.get_style()), Paragraph(bleach.clean(str(name), tags=['br']).strip().replace('<br>', '<br/>'), self.get_style()),
Paragraph(item, self.get_style()), Paragraph(bleach.clean(str(item), tags=['br']).strip().replace('<br>', '<br/>'), self.get_style()),
] ]
acache = {} acache = {}
if op.addon_to: if op.addon_to:
@@ -395,6 +396,7 @@ class PDFCheckinList(ReportlabExportMixin, CheckInListMixin, BaseExporter):
acache[a.question_id] = str(a) acache[a.question_id] = str(a)
for q in questions: for q in questions:
txt = acache.get(q.pk, '') txt = acache.get(q.pk, '')
txt = bleach.clean(txt, tags=['br']).strip().replace('<br>', '<br/>')
p = Paragraph(txt, self.get_style()) p = Paragraph(txt, self.get_style())
while p.wrap(colwidths[len(row)], 5000)[1] > 50 * mm: while p.wrap(colwidths[len(row)], 5000)[1] > 50 * mm:
txt = txt[:len(txt) - 50] + "..." txt = txt[:len(txt) - 50] + "..."
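Review bot: The truncation loop in the last hunk still slices the already-escaped `txt` (`txt = txt[:len(txt) - 50] + "..."`), so a cut can land inside an entity such as `&lt;` or inside a `<br/>` tag and hand `Paragraph` malformed markup, which may render wrongly or fail to parse. Truncating the raw answer and escaping after each cut avoids that: keep the unescaped value in its own variable, and inside the loop use `raw = raw[:len(raw) - 50] + "..."` followed by `txt = bleach.clean(raw, tags=['br']).strip().replace('<br>', '<br/>')`. The same clean/strip/replace expression now appears three times (the `name` and `item` cells and here), so a small helper would keep the allowed-tag list in one place. The loop body continues past the end of the hunk, so how `p` is rebuilt after each cut is not visible here.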