CGM_Public/pretix_cgo
1
0
Fork 0
forked from CGM_Public/pretix_original
Code Pull Requests Actions Activity

Widget: Properly escape voucher codes

Browse Source
This commit is contained in:
Raphael Michel
2020-07-16 08:42:40 +02:00
parent b61893e3b1
commit f179a220bc
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/pretix/static/pretixpresale/js/widget/widget.js
View File

@@ -580,7 +580,7 @@ var shared_methods = {
} else {
return;
}
var redirect_url = this.$root.voucherFormTarget + '&voucher=' + this.voucher + '&subevent=' + this.$root.subevent;
var redirect_url = this.$root.voucherFormTarget + '&voucher=' + escape(this.voucher) + '&subevent=' + this.$root.subevent;
if (this.$root.widget_data) {
redirect_url += '&widget_data=' + escape(this.$root.widget_data_json);
}
@@ -590,7 +590,7 @@ var shared_methods = {
},
voucher_open: function (voucher) {
var redirect_url;
redirect_url = this.$root.voucherFormTarget + '&voucher=' + voucher;
redirect_url = this.$root.voucherFormTarget + '&voucher=' + escape(voucher);
if (this.$root.widget_data) {
redirect_url += '&widget_data=' + escape(this.$root.widget_data_json);
}