remove print statement

Fix cache invalidation
Fix quota cache mixup
2023-08-23 09:51:12 +02:00 · 2023-08-23 09:47:05 +02:00 · 2023-08-22 13:00:16 +02:00 · 2023-08-22 12:59:57 +02:00 · 2023-08-22 11:32:43 +02:00 · 2023-08-22 10:53:26 +02:00
126 changed files with 99261 additions and 12262 deletions
@@ -35,7 +35,7 @@ jobs:
      - uses: actions/checkout@v2
      - uses: harmon758/postgresql-action@v1
        with:
-          postgresql version: '11'
+          postgresql version: '15'
          postgresql db: 'pretix'
          postgresql user: 'postgres'
          postgresql password: 'postgres'
@@ -1,4 +1,4 @@
 from pretix.settings import *

 LOGGING['handlers']['mail_admins']['include_html'] = True
-STATICFILES_STORAGE = 'django.contrib.staticfiles.storage.ManifestStaticFilesStorage'
+STORAGES["staticfiles"]["BACKEND"] = 'django.contrib.staticfiles.storage.ManifestStaticFilesStorage'
@@ -37,7 +37,7 @@ you to execute a piece of code with a different locale:
 This is very useful e.g. when sending an email to a user that has a different language than the user performing the
 action that causes the mail to be sent.

-.. _translation features: https://docs.djangoproject.com/en/1.9/topics/i18n/translation/
+.. _translation features: https://docs.djangoproject.com/en/4.2/topics/i18n/translation/
 .. _GNU gettext: https://www.gnu.org/software/gettext/
 .. _strings: https://django-i18nfield.readthedocs.io/en/latest/strings.html
 .. _database fields: https://django-i18nfield.readthedocs.io/en/latest/quickstart.html
@@ -15,25 +15,33 @@ and the admin panel is available at ``https://pretix.eu/control/event/bigorg/awe

 If the organizer now configures a custom domain like ``tickets.bigorg.com``, his event will
 from now on be available on ``https://tickets.bigorg.com/awesomecon/``. The former URL at
-``pretix.eu`` will redirect there. However, the admin panel will still only be available
-on ``pretix.eu`` for convenience and security reasons.
+``pretix.eu`` will redirect there. It's also possible to do this for just an event, in which
+case the event will be available on ``https://tickets.awesomecon.org/``.
+
+However, the admin panel will still only be available on ``pretix.eu`` for convenience and security reasons.

 URL routing
 -----------

 The hard part about implementing this URL routing in Django is that
 ``https://pretix.eu/bigorg/awesomecon/`` contains two parameters of nearly arbitrary content
-and ``https://tickets.bigorg.com/awesomecon/`` contains only one. The only robust way to do
-this is by having *separate* URL configuration for those two cases. In pretix, we call the
-former our ``maindomain`` config and the latter our ``subdomain`` config. For pretix's core
-modules we do some magic to avoid duplicate configuration, but for a fairly simple plugin with
-only a handful of routes, we recommend just configuring the two URL sets separately.
+and ``https://tickets.bigorg.com/awesomecon/`` contains only one and ``https://tickets.awesomecon.org/`` does not contain any.
+The only robust way to do this is by having *separate* URL configuration for those three cases.

+In pretix, we therefore do not have a global URL configuration, but three, living in the following modules:
+
+- ``pretix.multidomain.maindomain_urlconf``
+- ``pretix.multidomain.organizer_domain_urlconf``
+- ``pretix.multidomain.event_domain_urlconf``
+
+We provide some helper utilities to work with these to avoid duplicate configuration of the individual URLs.
 The file ``urls.py`` inside your plugin package will be loaded and scanned for URL configuration
 automatically and should be provided by any plugin that provides any view.
+However, unlike plain Django, we look not only for a ``urlpatterns`` attribute on the module but support other
+attributes like ``event_patterns`` and ``organizer_patterns`` as well.

-A very basic example that provides one view in the admin panel and one view in the frontend
-could look like this::
+For example, for a simple plugin that adds one URL to the backend and one event-level URL to the frontend, you can
+create the following configuration in your ``urls.py``::

    from django.urls import re_path

@@ -52,7 +60,7 @@ could look like this::
    As you can see, the view in the frontend is not included in the standard Django ``urlpatterns``
    setting but in a separate list with the name ``event_patterns``. This will automatically prepend
    the appropriate parameters to the regex (e.g. the event or the event and the organizer, depending
-    on the called domain).
+    on the called domain). For organizer-level views, ``organizer_patterns`` works the same way.

 If you only provide URLs in the admin area, you do not need to provide a ``event_patterns`` attribute.

@@ -71,11 +79,16 @@ is a python method that emulates a behavior similar to ``reverse``:

 .. autofunction:: pretix.multidomain.urlreverse.eventreverse

+If you need to communicate the URL externally, you can use a different method to ensure that it is always an absolute URL:
+
+.. autofunction:: pretix.multidomain.urlreverse.build_absolute_uri
+
 In addition, there is a template tag that works similar to ``url`` but takes an event or organizer object
 as its first argument and can be used like this::

    {% load eventurl %}
    <a href="{% eventurl request.event "presale:event.checkout" step="payment" %}">Pay</a>
+    <a href="{% abseventurl request.event "presale:event.checkout" step="payment" %}">Pay</a>


 Implementation details
@@ -12,3 +12,4 @@ Developer documentation
   api/index
   structure
   translation/index
+   nfc/index
@@ -0,0 +1,15 @@
+NFC media
+=========
+
+pretix supports using NFC chips as "reusable media", for example to store gift cards or tickets.
+
+Most of this implementation currently lives in our proprietary app pretixPOS, but in the future might also become part of our open-source pretixSCAN solution.
+Either way, we want this to be an open ecosystem and therefore document the exact mechanisms in use on the following pages.
+
+We support multiple implementations of NFC media, each documented on its own page:
+
+.. toctree::
+   :maxdepth: 2
+
+   uid
+   mf0aes
@@ -0,0 +1,113 @@
+Mifare Ultralight AES
+=====================
+
+We offer an implementation that provides a higher security level than the UID-based approach and uses the `Mifare Ultralight AES`_ chip sold by NXP.
+We believe the security model of this approach is adequate to the situation where this will usually be used and we'll outline known risks below.
+
+If you want to dive deeper into the properties of the Mifare Ultralight AES chip, we recommend reading the `data sheet`_.
+
+Random UIDs
+-----------
+
+Mifare Ultralight AES supports a feature that returns a randomized UID every time a non-authenticated user tries to
+read the UID. This has a strong privacy benefit, since no unauthorized entity can use the NFC chips to track users.
+On the other hand, this reduces interoperability of the system. For example, this prevents you from using the same NFC
+chips for a different purpose where you only need the UID. This will also prevent your guests from reading their UID
+themselves with their phones, which might be useful e.g. in debugging situations.
+
+Since there's no one-size-fits-all choice here, you can enable or disable this feature in the pretix organizer
+settings. If you change it, the change will apply to all newly encoded chips after the change.
+
+Key management
+--------------
+
+For every organizer, the server will generate create a "key set", which consists of a publicly known ID (random 32-bit integer) and two 16-byte keys ("diversification key" and "UID key").
+
+Using our :ref:`Device authentication mechanism <rest-deviceauth>`, an authorized device can submit a locally generated RSA public key to the server.
+This key can no longer changed on the server once it is set, thus protecting against the attack scenario of a leaked device API token.
+
+The server will then include key sets in the response to ``/api/v1/device/info``, encrypted with the device's RSA key.
+This includes all key sets generated for the organizer the device belongs to, as well as all keys of organizers that have granted sufficient access to this organizer.
+
+The device will decrypt the key sets using its RSA key and store the key sets locally.
+
+.. warning:: The device **will** have access to the raw key sets. Therefore, there is a risk of leaked master keys if an
+             authorized device is stolen or abused. Our implementation in pretixPOS attempts to make this very hard on
+             modern, non-rooted Android devices by keeping them encrypted with the RSA key and only storing the RSA key
+             in the hardware-backed keystore of the device. A sufficiently motivated attacker, however, will likely still
+             be able to extract the keys from a stolen device.
+
+Encoding a chip
+---------------
+
+When a new chip is encoded, the following steps will be taken:
+
+- The UID of the chip is retrieved.
+
+- A chip-specific key is generated using the mechanism documented in `AN10922`_ using the "diversification key" from the
+  organizer's key set as the CMAC key and the diversification input concatenated in the from of ``0x01 + UID + APPID + SYSTEMID``
+  with the following values:
+
+  - The UID of the chip as ``UID``
+
+  - ``"eu.pretix"`` (``0x65 0x75 0x2e 0x70 0x72 0x65 0x74 0x69 0x78``) as ``APPID``
+
+  - The ``public_id`` from the organizer's key set as a 4-byte big-endian value as ``SYSTEMID``
+
+- The chip-specific key is written to the chip as the "data protection key" (config pages 0x30 to 0x33)
+
+- The UID key from the organizer's key set is written to the chip as the "UID retrieval key" (config pages 0x34 to 0x37)
+
+- The config page 0x29 is set like this:
+
+  - ``RID_ACT`` (random UID) to ``1`` or ``0`` based on the organizer's configuration
+  - ``SEC_MSG_ACT`` (secure messaging) to ``1``
+  - ``AUTH0`` (first page that needs authentication) to 0x04 (first non-UID page)
+
+- The config page 0x2A is set like this:
+
+  - ``PROT`` to ``0`` (only write access restricted, not read access)
+  - ``AUTHLIM`` to ``256`` (maximum number of wrong authentications before "self-desctruction")
+  - Everything else to its default value (no lock bits are set)
+
+- The ``public_id`` of the key set will be written to page 0x04 as a big-endian value
+
+- The UID of the chip will be registered as a reusable medium on the server.
+
+.. warning:: During encoding, the chip-specific key and the UID key are transmitted in plain text over the air. The
+             security model therefore relies on the encoding of chips being performed in a trusted physical environment
+             to prevent a nearby attacker from sniffing the keys with a strong antenna.
+
+.. note:: If an attacker tries to authenticate with the chip 256 times using the wrong key, the chip will become
+          unusable. A chip may also become unusable if it is detached from the reader in the middle of the encoding
+          process (even though we've tried to implement it in a way that makes this unlikely).
+
+Usage
+-----
+
+When a chip is presented to the NFC reader, the following steps will be taken:
+
+- Command ``GET_VERSION`` is used to determine if it is a Mifare Ultralight AES chip (if not, abort).
+
+- Page 0x04 is read. If it is all zeroes, the chip is considered un-encoded (abort). If it contains a value that
+  corresponds to the ``public_id`` of a known key set, this key set is used for all further operations. If it contains
+  a different value, we consider this chip to belong to a different organizer or not to a pretix system at all (abort).
+
+- An authentication with the chip using the UID key is performed.
+
+- The UID of the chip will be read.
+
+- The chip-specific key will be derived using the mechanism described above in the encoding step.
+
+- An authentication with the chip using the chip-specific key is performed. If this is fully successful, this step
+  proves that the chip knows the same chip-specific key as we do and is therefore an authentic chip encoded by us and
+  we can trust its UID value.
+
+- The UID is transmitted to the server to fetch the correct medium.
+
+During these steps, the keys are never transmitted in plain text and can thus not be sniffed by a nearby attacker
+with a strong antenna.
+
+.. _Mifare Ultralight AES: https://www.nxp.com/products/rfid-nfc/mifare-hf/mifare-ultralight/mifare-ultralight-aes-enhanced-security-for-limited-use-contactless-applications:MF0AESx20
+.. _data sheet: https://www.nxp.com/docs/en/data-sheet/MF0AES(H)20.pdf
+.. _AN10922: https://www.nxp.com/docs/en/application-note/AN10922.pdf
@@ -0,0 +1,10 @@
+UID-based
+=========
+
+With UID-based NFC, only the unique ID (UID) of the NFC chip is used for identification purposes.
+This can be used with virtually all NFC chips that provide compatibility with the NFC reader in use, typically at least all chips that comply with ISO/IEC 14443-3A.
+
+We make only one restriction: The UID may not start with ``08``, since that usually signifies a randomized UID that changes on every read (which would not be very useful).
+
+.. warning:: The UID-based approach provides only a very low level of security. It is easy to clone a chip with the same
+             UID and impersonate someone else.
@@ -96,6 +96,20 @@ http://localhost:8000/control/ for the admin view.
          port (for example because you develop on `pretixdroid`_), you can check
          `Django's documentation`_ for more options.

+When running the local development webserver, ensure Celery is not configured
+in ``pretix.cfg``. i.e., you should remove anything such as::
+
+    [celery]
+    backend=redis://redis:6379/2
+    broker=redis://redis:6379/2
+
+If you choose to use Celery for development, you must also start a Celery worker
+process::
+
+    celery -A pretix.celery_app worker -l info
+
+However, beware that code changes will not auto-reload within Celery.
+
 .. _`checksandtests`:

 Code checks and unit tests
@@ -36,7 +36,7 @@ dependencies = [
  "css-inline==0.8.*",
  "defusedcsv>=1.1.0",
  "dj-static",
-  "Django==4.1.*",
+  "Django==4.2.*",
  "django-bootstrap3==23.1.*",
  "django-compressor==4.3.*",
  "django-countries==7.5.*",
@@ -90,7 +90,7 @@ dependencies = [
  "pytz-deprecation-shim==0.1.*",
  "pyuca",
  "qrcode==7.4.*",
-  "redis==4.5.*,>=4.5.4",
+  "redis==4.6.*",
  "reportlab==4.0.*",
  "requests==2.31.*",
  "sentry-sdk==1.15.*",
@@ -112,6 +112,7 @@ memcached = ["pylibmc"]
 dev = [
  "coverage",
  "coveralls",
+  "fakeredis==2.18.*",
  "flake8==6.0.*",
  "freezegun",
  "isort==5.12.*",
@@ -19,4 +19,4 @@
 # You should have received a copy of the GNU Affero General Public License along with this program.  If not, see
 # <https://www.gnu.org/licenses/>.
 #
-__version__ = "2023.7.0.dev0"
+__version__ = "2023.8.0.dev0"
@@ -196,7 +196,14 @@ STATICFILES_DIRS = [

 STATICI18N_ROOT = os.path.join(BASE_DIR, "pretix/static")

-STATICFILES_STORAGE = 'django.contrib.staticfiles.storage.ManifestStaticFilesStorage'
+STORAGES = {
+    "default": {
+        "BACKEND": "django.core.files.storage.FileSystemStorage",
+    },
+    "staticfiles": {
+        "BACKEND": "django.contrib.staticfiles.storage.ManifestStaticFilesStorage",
+    },
+}

 # if os.path.exists(os.path.join(DATA_DIR, 'static')):
 #     STATICFILES_DIRS.insert(0, os.path.join(DATA_DIR, 'static'))
@@ -27,6 +27,7 @@ from decimal import Decimal
 import pycountry
 from django.conf import settings
 from django.core.files import File
+from django.db import models
 from django.db.models import F, Q
 from django.utils.encoding import force_str
 from django.utils.timezone import now
@@ -372,11 +373,15 @@ class PdfDataSerializer(serializers.Field):
                self.context['vars_images'] = get_images(self.context['event'])

            for k, f in self.context['vars'].items():
-                try:
-                    res[k] = f['evaluate'](instance, instance.order, ev)
-                except:
-                    logger.exception('Evaluating PDF variable failed')
-                    res[k] = '(error)'
+                if 'evaluate_bulk' in f:
+                    # Will be evaluated later by our list serializers
+                    res[k] = (f['evaluate_bulk'], instance)
+                else:
+                    try:
+                        res[k] = f['evaluate'](instance, instance.order, ev)
+                    except:
+                        logger.exception('Evaluating PDF variable failed')
+                        res[k] = '(error)'

            if not hasattr(ev, '_cached_meta_data'):
                ev._cached_meta_data = ev.meta_data
@@ -429,6 +434,38 @@ class PdfDataSerializer(serializers.Field):
            return res


+class OrderPositionListSerializer(serializers.ListSerializer):
+
+    def to_representation(self, data):
+        # We have a custom implementation of this method because PdfDataSerializer() might keep some elements unevaluated
+        # with a (callable, input) tuple. We'll loop over these entries and evaluate them bulk-wise to save on SQL queries.
+
+        if isinstance(self.parent, OrderSerializer) and isinstance(self.parent.parent, OrderListSerializer):
+            # Do not execute our custom code because it will be executed by OrderListSerializer later for the
+            # full result set.
+            return super().to_representation(data)
+
+        iterable = data.all() if isinstance(data, models.Manager) else data
+
+        data = []
+        evaluate_queue = defaultdict(list)
+
+        for item in iterable:
+            entry = self.child.to_representation(item)
+            if "pdf_data" in entry:
+                for k, v in entry["pdf_data"].items():
+                    if isinstance(v, tuple) and callable(v[0]):
+                        evaluate_queue[v[0]].append((v[1], entry, k))
+            data.append(entry)
+
+        for func, entries in evaluate_queue.items():
+            results = func([item for (item, entry, k) in entries])
+            for (item, entry, k), result in zip(entries, results):
+                entry["pdf_data"][k] = result
+
+        return data
+
+
 class OrderPositionSerializer(I18nAwareModelSerializer):
    checkins = CheckinSerializer(many=True, read_only=True)
    answers = AnswerSerializer(many=True)
@@ -440,6 +477,7 @@ class OrderPositionSerializer(I18nAwareModelSerializer):
    attendee_name = serializers.CharField(required=False)

    class Meta:
+        list_serializer_class = OrderPositionListSerializer
        model = OrderPosition
        fields = ('id', 'order', 'positionid', 'item', 'variation', 'price', 'attendee_name', 'attendee_name_parts',
                  'company', 'street', 'zipcode', 'city', 'country', 'state', 'discount',
@@ -468,6 +506,20 @@ class OrderPositionSerializer(I18nAwareModelSerializer):
    def validate(self, data):
        raise TypeError("this serializer is readonly")

+    def to_representation(self, data):
+        if isinstance(self.parent, (OrderListSerializer, OrderPositionListSerializer)):
+            # Do not execute our custom code because it will be executed by OrderListSerializer later for the
+            # full result set.
+            return super().to_representation(data)
+
+        entry = super().to_representation(data)
+        if "pdf_data" in entry:
+            for k, v in entry["pdf_data"].items():
+                if isinstance(v, tuple) and callable(v[0]):
+                    entry["pdf_data"][k] = v[0]([v[1]])[0]
+
+        return entry
+

 class RequireAttentionField(serializers.Field):
    def to_representation(self, instance: OrderPosition):
@@ -613,6 +665,34 @@ class OrderURLField(serializers.URLField):
        })


+class OrderListSerializer(serializers.ListSerializer):
+
+    def to_representation(self, data):
+        # We have a custom implementation of this method because PdfDataSerializer() might keep some elements
+        # unevaluated with a (callable, input) tuple. We'll loop over these entries and evaluate them bulk-wise to
+        # save on SQL queries.
+        iterable = data.all() if isinstance(data, models.Manager) else data
+
+        data = []
+        evaluate_queue = defaultdict(list)
+
+        for item in iterable:
+            entry = self.child.to_representation(item)
+            for p in entry.get("positions", []):
+                if "pdf_data" in p:
+                    for k, v in p["pdf_data"].items():
+                        if isinstance(v, tuple) and callable(v[0]):
+                            evaluate_queue[v[0]].append((v[1], p, k))
+            data.append(entry)
+
+        for func, entries in evaluate_queue.items():
+            results = func([item for (item, entry, k) in entries])
+            for (item, entry, k), result in zip(entries, results):
+                entry["pdf_data"][k] = result
+
+        return data
+
+
 class OrderSerializer(I18nAwareModelSerializer):
    invoice_address = InvoiceAddressSerializer(allow_null=True)
    positions = OrderPositionSerializer(many=True, read_only=True)
@@ -627,6 +707,7 @@ class OrderSerializer(I18nAwareModelSerializer):

    class Meta:
        model = Order
+        list_serializer_class = OrderListSerializer
        fields = (
            'code', 'status', 'testmode', 'secret', 'email', 'phone', 'locale', 'datetime', 'expires', 'payment_date',
            'payment_provider', 'fees', 'total', 'comment', 'custom_followup_at', 'invoice_address', 'positions', 'downloads',
@@ -166,7 +166,6 @@ class InitializeView(APIView):
        device.software_brand = serializer.validated_data.get('software_brand')
        device.software_version = serializer.validated_data.get('software_version')
        device.info = serializer.validated_data.get('info')
-        print(serializer.validated_data, request.data)
        device.rsa_pubkey = serializer.validated_data.get('rsa_pubkey')
        device.api_token = generate_api_token()
        device.save()
@@ -271,6 +271,8 @@ class SecurityMiddleware(MiddlewareMixin):
                (url.url_name == "event.checkout" and url.kwargs['step'] == "payment")
        ):
            h['script-src'].append('https://pay.google.com')
+            h['frame-src'].append('https://pay.google.com')
+            h['connect-src'].append('https://google.com/pay')
        if settings.LOG_CSP:
            h['report-uri'] = ["/csp_report/"]
        if 'Content-Security-Policy' in resp:
@@ -97,7 +97,7 @@ def _transactions_mark_order_dirty(order_id, using=None):
    if getattr(dirty_transactions, 'order_ids', None) is None:
        dirty_transactions.order_ids = set()

-    if _check_for_dirty_orders not in [func for savepoint_id, func in conn.run_on_commit]:
+    if _check_for_dirty_orders not in [func for (savepoint_id, func, *__) in conn.run_on_commit]:
        transaction.on_commit(_check_for_dirty_orders, using)
        dirty_transactions.order_ids.clear()  # This is necessary to clean up after old threads with rollbacked transactions

@@ -43,6 +43,7 @@ from typing import Optional, Tuple
 from zoneinfo import ZoneInfo

 import dateutil.parser
+import django_redis
 from dateutil.tz import datetime_exists
 from django.conf import settings
 from django.core.exceptions import ValidationError
@@ -57,7 +58,6 @@ from django.utils.functional import cached_property
 from django.utils.timezone import is_naive, make_aware, now
 from django.utils.translation import gettext_lazy as _, pgettext_lazy
 from django_countries.fields import Country
-from django_redis import get_redis_connection
 from django_scopes import ScopedManager
 from i18nfield.fields import I18nCharField, I18nTextField

@@ -1910,8 +1910,13 @@ class Quota(LoggedModel):

    def rebuild_cache(self, now_dt=None):
        if settings.HAS_REDIS:
-            rc = get_redis_connection("redis")
-            rc.hdel(f'quotas:{self.event_id}:availabilitycache', str(self.pk))
+            rc = django_redis.get_redis_connection("redis")
+            p = rc.pipeline()
+            p.hdel(f'quotas:{self.event_id}:availabilitycache', str(self.pk))
+            p.hdel(f'quotas:{self.event_id}:availabilitycache:nocw', str(self.pk))
+            p.hdel(f'quotas:{self.event_id}:availabilitycache:igcl', str(self.pk))
+            p.hdel(f'quotas:{self.event_id}:availabilitycache:nocw:igcl', str(self.pk))
+            p.execute()
            self.availability(now_dt=now_dt)

    def availability(
@@ -88,9 +88,7 @@ class LogEntry(models.Model):

    class Meta:
        ordering = ('-datetime', '-id')
-        index_together = [
-            ['datetime', 'id']
-        ]
+        indexes = [models.Index(fields=["datetime", "id"])]

    def display(self):
        from ..signals import logentry_display
@@ -121,7 +121,10 @@ class ReusableMedium(LoggedModel):

    class Meta:
        unique_together = (("identifier", "type", "organizer"),)
-        index_together = (("identifier", "type", "organizer"), ("updated", "id"))
+        indexes = [
+            models.Index(fields=("identifier", "type", "organizer")),
+            models.Index(fields=("updated", "id")),
+        ]
        ordering = "identifier", "type", "organizer"


@@ -270,9 +270,9 @@ class Order(LockModel, LoggedModel):
        verbose_name = _("Order")
        verbose_name_plural = _("Orders")
        ordering = ("-datetime", "-pk")
-        index_together = [
-            ["datetime", "id"],
-            ["last_modified", "id"],
+        indexes = [
+            models.Index(fields=["datetime", "id"]),
+            models.Index(fields=["last_modified", "id"]),
        ]

    def __str__(self):
@@ -907,6 +907,11 @@ class Order(LockModel, LoggedModel):
            return self.expires

        expires = self.expires.date() + timedelta(days=delay)
+        if self.event.settings.get('payment_term_weekdays'):
+            if expires.weekday() == 5:
+                expires += timedelta(days=2)
+            elif expires.weekday() == 6:
+                expires += timedelta(days=1)

        tz = ZoneInfo(self.event.settings.timezone)
        expires = make_aware(datetime.combine(
@@ -1671,7 +1676,7 @@ class OrderPayment(models.Model):
        """
        Marks the order as failed and sets info to ``info``, but only if the order is in ``created`` or ``pending``
        state. This is equivalent to setting ``state`` to ``OrderPayment.PAYMENT_STATE_FAILED`` and logging a failure,
-        but it adds strong database logging since we do not want to report a failure for an order that has just
+        but it adds strong database locking since we do not want to report a failure for an order that has just
        been marked as paid.
        :param send_mail: Whether an email should be sent to the user about this event (default: ``True``).
        """
@@ -2751,8 +2756,8 @@ class Transaction(models.Model):

    class Meta:
        ordering = 'datetime', 'pk'
-        index_together = [
-            ['datetime', 'id']
+        indexes = [
+            models.Index(fields=['datetime', 'id'])
        ]

    def save(self, *args, **kwargs):
@@ -805,7 +805,7 @@ class QuestionColumn(ImportColumn):
                return self.q.clean_answer(value)

    def assign(self, value, order, position, invoice_address, **kwargs):
-        if value:
+        if value is not None:
            if not hasattr(order, '_answers'):
                order._answers = []
            if isinstance(value, QuestionOption):
@@ -108,7 +108,10 @@ DEFAULT_VARIABLES = OrderedDict((
    ("positionid", {
        "label": _("Order position number"),
        "editor_sample": "1",
-        "evaluate": lambda orderposition, order, event: str(orderposition.positionid)
+        "evaluate": lambda orderposition, order, event: str(orderposition.positionid),
+        # There is no performance gain in using evaluate_bulk here, but we want to make sure it is used somewhere
+        # in core to make sure we notice if the implementation of the API breaks.
+        "evaluate_bulk": lambda orderpositions: [str(p.positionid) for p in orderpositions],
    }),
    ("order_positionid", {
        "label": _("Order code and position number"),
@@ -2476,6 +2476,11 @@ class OrderChangeManager:
            split_order.status = Order.STATUS_PAID
        else:
            split_order.status = Order.STATUS_PENDING
+            if self.order.status == Order.STATUS_PAID:
+                split_order.set_expires(
+                    now(),
+                    list(set(p.subevent_id for p in split_positions))
+                )
        split_order.save()

        if offset_amount > Decimal('0.00'):
@@ -24,13 +24,13 @@ import time
 from collections import Counter, defaultdict
 from itertools import zip_longest

+import django_redis
 from django.conf import settings
 from django.db import models
 from django.db.models import (
    Case, Count, F, Func, Max, OuterRef, Q, Subquery, Sum, Value, When,
 )
 from django.utils.timezone import now
-from django_redis import get_redis_connection

 from pretix.base.models import (
    CartPosition, Checkin, Order, OrderPosition, Quota, Voucher,
@@ -102,6 +102,12 @@ class QuotaAvailability:
        self.count_waitinglist = defaultdict(int)
        self.count_cart = defaultdict(int)

+        self._cache_key_suffix = ""
+        if not self._count_waitinglist:
+            self._cache_key_suffix += ":nocw"
+        if self._ignore_closed:
+            self._cache_key_suffix += ":igcl"
+
        self.sizes = {}

    def queue(self, *quota):
@@ -121,17 +127,14 @@ class QuotaAvailability:
            if self._full_results:
                raise ValueError("You cannot combine full_results and allow_cache.")

-            elif not self._count_waitinglist:
-                raise ValueError("If you set allow_cache, you need to set count_waitinglist.")
-
            elif settings.HAS_REDIS:
-                rc = get_redis_connection("redis")
+                rc = django_redis.get_redis_connection("redis")
                quotas_by_event = defaultdict(list)
                for q in [_q for _q in self._queue if _q.id in quota_ids_set]:
                    quotas_by_event[q.event_id].append(q)

                for eventid, evquotas in quotas_by_event.items():
-                    d = rc.hmget(f'quotas:{eventid}:availabilitycache', [str(q.pk) for q in evquotas])
+                    d = rc.hmget(f'quotas:{eventid}:availabilitycache{self._cache_key_suffix}', [str(q.pk) for q in evquotas])
                    for redisval, q in zip(d, evquotas):
                        if redisval is not None:
                            data = [rv for rv in redisval.decode().split(',')]
@@ -164,12 +167,12 @@ class QuotaAvailability:
        if not settings.HAS_REDIS or not quotas:
            return

-        rc = get_redis_connection("redis")
+        rc = django_redis.get_redis_connection("redis")
        # We write the computed availability to redis in a per-event hash as
        #
        #   quota_id -> (availability_state, availability_number, timestamp).
        #
-        # We store this in a hash instead of inidividual values to avoid making two many redis requests
+        # We store this in a hash instead of individual values to avoid making too many redis requests
        # which would introduce latency.

        # The individual entries in the hash are "valid" for 120 seconds. This means in a typical peak scenario with
@@ -179,16 +182,16 @@ class QuotaAvailability:
        # these quotas. We choose 10 seconds since that should be well above the duration of a write.

        lock_name = '_'.join([str(p) for p in sorted([q.pk for q in quotas])])
-        if rc.exists(f'quotas:availabilitycachewrite:{lock_name}'):
+        if rc.exists(f'quotas:availabilitycachewrite:{lock_name}{self._cache_key_suffix}'):
            return
-        rc.setex(f'quotas:availabilitycachewrite:{lock_name}', '1', 10)
+        rc.setex(f'quotas:availabilitycachewrite:{lock_name}{self._cache_key_suffix}', '1', 10)

        update = defaultdict(list)
        for q in quotas:
            update[q.event_id].append(q)

        for eventid, quotas in update.items():
-            rc.hmset(f'quotas:{eventid}:availabilitycache', {
+            rc.hmset(f'quotas:{eventid}:availabilitycache{self._cache_key_suffix}', {
                str(q.id): ",".join(
                    [str(i) for i in self.results[q]] +
                    [str(int(time.time()))]
@@ -197,7 +200,7 @@ class QuotaAvailability:
            # To make sure old events do not fill up our redis instance, we set an expiry on the cache. However, we set it
            # on 7 days even though we mostly ignore values older than 2 monites. The reasoning is that we have some places
            # where we set allow_cache_stale and use the old entries anyways to save on performance.
-            rc.expire(f'quotas:{eventid}:availabilitycache', 3600 * 24 * 7)
+            rc.expire(f'quotas:{eventid}:availabilitycache{self._cache_key_suffix}', 3600 * 24 * 7)

        # We used to also delete item_quota_cache:* from the event cache here, but as the cache
        # gets more complex, this does not seem worth it. The cache is only present for up to
@@ -941,9 +941,9 @@ DEFAULTS = {
        'form_kwargs': dict(
            label=_('Expiration delay'),
            help_text=_("The order will only actually expire this many days after the expiration date communicated "
-                        "to the customer. However, this will not delay beyond the \"last date of payments\" "
-                        "configured above, which is always enforced. The delay may also end on a weekend regardless "
-                        "of the other settings above."),
+                        "to the customer. If you select \"Only end payment terms on weekdays\" above, this will also "
+                        "be respected. However, this will not delay beyond the \"last date of payments\" "
+                        "configured above, which is always enforced."),
            # Every order in between the official expiry date and the delayed expiry date has a performance penalty
            # for the cron job, so we limit this feature to 30 days to prevent arbitrary numbers of orders needing
            # to be checked.
@@ -683,12 +683,16 @@ dictionaries as values that contain keys like in the following example::
        "product": {
            "label": _("Product name"),
            "editor_sample": _("Sample product"),
-            "evaluate": lambda orderposition, order, event: str(orderposition.item)
+            "evaluate": lambda orderposition, order, event: str(orderposition.item),
+            "evaluate_bulk": lambda orderpositions: [str(op.item) for op in orderpositions],
        }
    }

 The ``evaluate`` member will be called with the order position, order and event as arguments. The event might
 also be a subevent, if applicable.
+
+The ``evaluate_bulk`` member is optional but can significantly improve performance in some situations because you
+can perform database fetches in bulk instead of single queries for every position.
 """


@@ -1732,8 +1732,8 @@ class CheckinListAttendeeFilterForm(FilterForm):
        '-timestamp': (OrderBy(F('last_entry'), nulls_last=True, descending=True), '-order__code'),
        'item': ('item__name', 'variation__value', 'order__code'),
        '-item': ('-item__name', '-variation__value', '-order__code'),
-        'seat': ('seat__sorting_rank', 'seat__guid'),
-        '-seat': ('-seat__sorting_rank', '-seat__guid'),
+        'seat': ('seat__sorting_rank', 'seat__seat_guid'),
+        '-seat': ('-seat__sorting_rank', '-seat__seat_guid'),
        'date': ('subevent__date_from', 'subevent__id', 'order__code'),
        '-date': ('-subevent__date_from', 'subevent__id', '-order__code'),
        'name': {'_order': F('display_name').asc(nulls_first=True),
@@ -1940,7 +1940,7 @@ class VoucherFilterForm(FilterForm):
            'item__category__position',
            'item__category',
            'item__position',
-            'item__variation__position',
+            'variation__position',
            'quota__name',
        ),
        'subevent': 'subevent__date_from',
@@ -1950,7 +1950,7 @@ class VoucherFilterForm(FilterForm):
            '-item__category__position',
            '-item__category',
            '-item__position',
-            '-item__variation__position',
+            '-variation__position',
            '-quota__name',
        )
    }
@@ -461,11 +461,6 @@ class ItemCreateForm(I18nModelForm):
                )

        if self.cleaned_data.get('copy_from'):
-            for mv in self.cleaned_data['copy_from'].meta_values.all():
-                mv.pk = None
-                mv.item = instance
-                mv.save(force_insert=True)
-
            for question in self.cleaned_data['copy_from'].questions.all():
                question.items.add(instance)
                question.log_action('pretix.event.question.changed', user=self.user, data={
@@ -341,6 +341,7 @@ def pretixcontrol_logentry_display(sender: Event, logentry: LogEntry, **kwargs):
        'pretix.giftcards.acceptance.added': _('Gift card acceptance for another organizer has been added.'),
        'pretix.giftcards.acceptance.removed': _('Gift card acceptance for another organizer has been removed.'),
        'pretix.giftcards.acceptance.acceptor.invited': _('A new gift card acceptor has been invited.'),
+        'pretix.giftcards.acceptance.acceptor.removed': _('A gift card acceptor has been removed.'),
        'pretix.giftcards.acceptance.issuer.removed': _('A gift card issuer has been removed or declined.'),
        'pretix.giftcards.acceptance.issuer.accepted': _('A new gift card issuer has been accepted.'),
        'pretix.webhook.created': _('The webhook has been created.'),
@@ -0,0 +1,27 @@
+{% load i18n %}
+<ul class="dropdown-menu dropdown-menu-right">
+    <li>
+        <a href="{% url "control:event.qrcode" event=request.event.slug organizer=request.organizer.slug filetype="png" %}{% if url %}?url={{ url|urlencode }}{% endif %}"
+           target="_blank" download>
+            {% blocktrans with filetype="PNG" %}Download QR code as {{ filetype }} image{% endblocktrans %}
+        </a>
+    </li>
+    <li>
+        <a href="{% url "control:event.qrcode" event=request.event.slug organizer=request.organizer.slug filetype="svg" %}{% if url %}?url={{ url|urlencode }}{% endif %}"
+           target="_blank" download>
+            {% blocktrans with filetype="SVG" %}Download QR code as {{ filetype }} image{% endblocktrans %}
+        </a>
+    </li>
+    <li>
+        <a href="{% url "control:event.qrcode" event=request.event.slug organizer=request.organizer.slug filetype="jpeg" %}{% if url %}?url={{ url|urlencode }}{% endif %}"
+           target="_blank" download>
+            {% blocktrans with filetype="JPG" %}Download QR code as {{ filetype }} image{% endblocktrans %}
+        </a>
+    </li>
+    <li>
+        <a href="{% url "control:event.qrcode" event=request.event.slug organizer=request.organizer.slug filetype="gif" %}{% if url %}?url={{ url|urlencode }}{% endif %}"
+           target="_blank" download>
+            {% blocktrans with filetype="GIF" %}Download QR code as {{ filetype }} image{% endblocktrans %}
+        </a>
+    </li>
+</ul>
@@ -27,28 +27,7 @@
            <button type="button" class="btn btn-default btn-xs dropdown-toggle" data-toggle="dropdown" title="{% trans "Create QR code" %}" aria-haspopup="true" aria-expanded="false">
                <i class="fa fa-qrcode" aria-hidden="true"></i>
            </button>
-            <ul class="dropdown-menu dropdown-menu-right">
-                <li>
-                    <a href="{% url "control:event.qrcode" event=request.event.slug organizer=request.organizer.slug filetype="png" %}" target="_blank" download>
-                        {% blocktrans with filetype="PNG" %}Download QR code as {{ filetype }} image{% endblocktrans %}
-                    </a>
-                </li>
-                <li>
-                    <a href="{% url "control:event.qrcode" event=request.event.slug organizer=request.organizer.slug filetype="svg" %}" target="_blank" download>
-                        {% blocktrans with filetype="SVG" %}Download QR code as {{ filetype }} image{% endblocktrans %}
-                    </a>
-                </li>
-                <li>
-                    <a href="{% url "control:event.qrcode" event=request.event.slug organizer=request.organizer.slug filetype="jpeg" %}" target="_blank" download>
-                        {% blocktrans with filetype="JPG" %}Download QR code as {{ filetype }} image{% endblocktrans %}
-                    </a>
-                </li>
-                <li>
-                    <a href="{% url "control:event.qrcode" event=request.event.slug organizer=request.organizer.slug filetype="gif" %}" target="_blank" download>
-                        {% blocktrans with filetype="GIF" %}Download QR code as {{ filetype }} image{% endblocktrans %}
-                    </a>
-                </li>
-            </ul>
+            {% include "pretixcontrol/event/fragment_qr_dropdown.html" with url=0 %}
        </div>
        <div class="clearfix"></div>
    </div>
@@ -337,7 +337,7 @@
                <div class="alert alert-info">
                    {% blocktrans trimmed %}
                        The waiting list currently is not compatible with some advanced features of pretix such as
-                        add-on products or product bundles.
+                        hidden products, add-on products or product bundles.
                    {% endblocktrans %}
                </div>
                <div class="alert alert-info">
@@ -187,7 +187,7 @@
                        {% endif %}
                        {% for f in plugin_forms %}
                            {% if f.is_layouts and not f.title %}
-                                {% if f.template %}
+                                {% if f.template and not "template" in f.fields %}
                                    {% include f.template with form=f %}
                                {% else %}
                                    {% bootstrap_form f layout="control" %}
@@ -261,7 +261,7 @@
                        {% bootstrap_field form.show_quota_left layout="control" %}
                        {% for f in plugin_forms %}
                            {% if not f.is_layouts and not f.title %}
-                                {% if f.template %}
+                                {% if f.template and not "template" in f.fields %}
                                    {% include f.template with form=f %}
                                {% else %}
                                    {% bootstrap_form f layout="control" %}
@@ -273,7 +273,7 @@
                        {% if not f.is_layouts and f.title %}
                            <fieldset>
                                <legend>{{ f.title }}</legend>
-                                {% if f.template %}
+                                {% if f.template and not "template" in f.fields %}
                                    {% include f.template with form=f %}
                                {% else %}
                                    {% bootstrap_form f layout="control" %}
@@ -69,7 +69,7 @@
        <td></td>
        <td class="text-right flip">
            <strong>
-                {{ sums.count }}
+                {{ sums.sum_count }}
            </strong>
        </td>
        <td></td>
@@ -295,6 +295,11 @@
                        {% bootstrap_field sform.invoice_regenerate_allowed layout="control" %}
                    </fieldset>
                </div>
+                <div class="form-group submit-group">
+                    <button type="submit" class="btn btn-primary btn-save">
+                        {% trans "Save" %}
+                    </button>
+                </div>
            </div>
            <div class="col-xs-12 col-lg-2">
                <div class="panel panel-default">
@@ -307,10 +312,5 @@
                </div>
            </div>
        </div>
-        <div class="form-group submit-group">
-            <button type="submit" class="btn btn-primary btn-save">
-                {% trans "Save" %}
-            </button>
-        </div>
    </form>
 {% endblock %}
@@ -42,10 +42,18 @@
                        <div class="form-group">
                            <label class="col-md-3 control-label" for="id_url">{% trans "Voucher link" %}</label>
                            <div class="col-md-9">
-                                <input type="text" name="url"
-                                        value="{% abseventurl request.event "presale:event.redeem" %}?voucher={{ voucher.code|urlencode }}{% if voucher.subevent_id %}&subevent={{ voucher.subevent_id }}{% endif %}"
-                                        class="form-control"
-                                        id="id_url" readonly>
+                                <div class="input-group">
+                                    <input type="text" name="url"
+                                            value="{{ url }}"
+                                            class="form-control"
+                                            id="id_url" readonly>
+                                    <div class="input-group-btn">
+                                        <button type="button" class="btn btn-default dropdown-toggle" data-toggle="dropdown" title="{% trans "Create QR code" %}" aria-haspopup="true" aria-expanded="false">
+                                            <i class="fa fa-qrcode" aria-hidden="true"></i>
+                                        </button>
+                                        {% include "pretixcontrol/event/fragment_qr_dropdown.html" with url=url %}
+                                    </div>
+                                </div>
                            </div>
                        </div>
                    {% endif %}
@@ -96,7 +96,9 @@
                    <tr>
                        <th>
                            {% if "can_change_vouchers" in request.eventpermset %}
-                                <input type="checkbox" data-toggle-table />
+                                <label aria-label="{% trans "select all rows for batch-operation" %}" class="batch-select-label">
+                                    <input type="checkbox" data-toggle-table />
+                                </label>
                            {% endif %}
                        </th>
                        <th>
@@ -139,7 +141,9 @@
                        <tr>
                            <td>
                                {% if "can_change_vouchers" in request.eventpermset %}
-                                    <input type="checkbox" name="voucher" class="" value="{{ v.pk }}"/>
+                                    <label aria-label="{% trans "select row for batch-operation" %}" class="batch-select-label">
+                                        <input type="checkbox" name="voucher" class="batch-select-checkbox" value="{{ v.pk }}"/>
+                                    </label>
                                {% endif %}
                            </td>
                            <td>
@@ -194,9 +198,12 @@
                </table>
            </div>
            {% if "can_change_vouchers" in request.eventpermset %}
-                <button type="submit" class="btn btn-default btn-save" name="action" value="delete">
-                    {% trans "Delete selected" %}
-                </button>
+                <div class="batch-select-actions">
+                    <button type="submit" class="btn btn-danger" name="action" value="delete">
+                        <i class="fa fa-trash" aria-hidden="true"></i>
+                        {% trans "Delete selected" %}
+                    </button>
+                </div>
            {% endif %}
        </form>
        {% include "pretixcontrol/pagination.html" %}
@@ -40,7 +40,7 @@ from collections import OrderedDict
 from decimal import Decimal
 from io import BytesIO
 from itertools import groupby
-from urllib.parse import urlsplit
+from urllib.parse import urlparse, urlsplit
 from zoneinfo import ZoneInfo

 import bleach
@@ -50,6 +50,7 @@ from django.apps import apps
 from django.conf import settings
 from django.contrib import messages
 from django.contrib.contenttypes.models import ContentType
+from django.core.exceptions import PermissionDenied
 from django.core.files import File
 from django.db import transaction
 from django.db.models import ProtectedError
@@ -61,6 +62,7 @@ from django.http import (
 from django.shortcuts import get_object_or_404, redirect
 from django.urls import reverse
 from django.utils.functional import cached_property
+from django.utils.http import url_has_allowed_host_and_scheme
 from django.utils.timezone import now
 from django.utils.translation import gettext, gettext_lazy as _, gettext_noop
 from django.views.generic import FormView, ListView
@@ -1530,6 +1532,12 @@ class EventQRCode(EventPermissionRequiredMixin, View):
    def get(self, request, *args, filetype, **kwargs):
        url = build_absolute_uri(request.event, 'presale:event.index')

+        if "url" in request.GET:
+            if url_has_allowed_host_and_scheme(request.GET["url"], allowed_hosts=[urlparse(url).netloc]):
+                url = request.GET["url"]
+            else:
+                raise PermissionDenied("Untrusted URL")
+
        qr = qrcode.QRCode(
            version=1,
            error_correction=qrcode.constants.ERROR_CORRECT_M,
@@ -1188,30 +1188,46 @@ class MetaDataEditorMixin:

    @cached_property
    def meta_forms(self):
-        if hasattr(self, 'object') and self.object:
+        if getattr(self, 'object', None):
            val_instances = {
                v.property_id: v for v in self.object.meta_values.all()
            }
        else:
            val_instances = {}

+        if getattr(self, 'copy_from', None):
+            defaults = {
+                v.property_id: v.value for v in self.copy_from.meta_values.all()
+            }
+        else:
+            defaults = {}
+
        formlist = []

        for p in self.request.event.item_meta_properties.all():
-            formlist.append(self._make_meta_form(p, val_instances))
+            formlist.append(self._make_meta_form(p, val_instances, defaults))
        return formlist

-    def _make_meta_form(self, p, val_instances):
+    def _make_meta_form(self, p, val_instances, defaults):
        return self.meta_form(
            prefix='prop-{}'.format(p.pk),
            property=p,
-            instance=val_instances.get(p.pk, self.meta_model(property=p, item=self.object)),
+            instance=val_instances.get(
+                p.pk,
+                self.meta_model(
+                    property=p,
+                    item=self.object if getattr(self, 'object', None) else None,
+                    value=defaults.get(p.pk, None)
+                )
+            ),
            data=(self.request.POST if self.request.method == "POST" else None)
        )

    def save_meta(self):
        for f in self.meta_forms:
            if f.cleaned_data.get('value'):
+                if not f.instance.item_id:
+                    f.instance.item = self.object
                f.save()
            elif f.instance and f.instance.pk:
                f.instance.delete()
@@ -1257,6 +1273,7 @@ class ItemCreate(EventPermissionRequiredMixin, MetaDataEditorMixin, CreateView):
        messages.success(self.request, _('Your changes have been saved.'))

        ret = super().form_valid(form)
+        self.save_meta()
        form.instance.log_action('pretix.event.item.added', user=self.request.user, data={
            k: (form.cleaned_data.get(k).name
                if isinstance(form.cleaned_data.get(k), File)
@@ -1283,6 +1300,14 @@ class ItemCreate(EventPermissionRequiredMixin, MetaDataEditorMixin, CreateView):
        ctx['meta_forms'] = self.meta_forms
        return ctx

+    def post(self, request, *args, **kwargs):
+        self.object = None
+        form = self.get_form()
+        if form.is_valid() and all([f.is_valid() for f in self.meta_forms]):
+            return self.form_valid(form)
+        else:
+            return self.form_invalid(form)
+

 class ItemUpdateGeneral(ItemDetailMixin, EventPermissionRequiredMixin, MetaDataEditorMixin, UpdateView):
    form_class = ItemUpdateForm
@@ -418,7 +418,7 @@ class OrderTransactions(OrderView):
            'item', 'variation', 'subevent'
        ).order_by('datetime')
        ctx['sums'] = self.order.transactions.aggregate(
-            count=Sum('count'),
+            sum_count=Sum('count'),
            full_price=Sum(F('count') * F('price')),
            full_tax_value=Sum(F('count') * F('tax_value')),
        )
@@ -546,7 +546,7 @@ def variations_select2(request, **kwargs):
        F('item__category__position').asc(nulls_first=True),
        'item__category_id',
        'item__position',
-        'item__pk'
+        'item__pk',
        'position',
        'value'
    ).select_related('item')
@@ -718,7 +718,7 @@ def itemvarquota_select2(request, **kwargs):
            itemqs = request.event.items.prefetch_related('variations').filter(
                Q(name__icontains=i18ncomp(query)) | Q(internal_name__icontains=query)
            )
-            quotaqs = request.event.quotas.filter(quotaf).select_related('subevent')
+            quotaqs = request.event.quotas.filter(quotaf).select_related('subevent').order_by('-subevent__date_from', 'name')
            more = False
        else:
            if page == 1:
@@ -727,7 +727,7 @@ def itemvarquota_select2(request, **kwargs):
                )
            else:
                itemqs = request.event.items.none()
-            quotaqs = request.event.quotas.filter(name__icontains=query).select_related('subevent')
+            quotaqs = request.event.quotas.filter(name__icontains=query).select_related('subevent').order_by('-subevent__date_from', 'name')
            total = quotaqs.count()
            pagesize = 20
            offset = (page - 1) * pagesize
@@ -34,6 +34,7 @@
 # License for the specific language governing permissions and limitations under the License.

 import io
+from urllib.parse import urlencode

 import bleach
 from defusedcsv import csv
@@ -75,6 +76,7 @@ from pretix.control.views import PaginationMixin
 from pretix.helpers.compat import CompatDeleteView
 from pretix.helpers.format import format_map
 from pretix.helpers.models import modelcopy
+from pretix.multidomain.urlreverse import build_absolute_uri


 class VoucherList(PaginationMixin, EventPermissionRequiredMixin, ListView):
@@ -315,6 +317,13 @@ class VoucherUpdate(EventPermissionRequiredMixin, UpdateView):
            expires__gte=now()
        ).count()
        ctx['redeemed_in_carts'] = redeemed_in_carts
+
+        url_params = {
+            'voucher': self.object.code
+        }
+        if self.object.subevent_id:
+            url_params['subevent'] = self.object.subevent_id
+        ctx['url'] = build_absolute_uri(self.request.event, "presale:event.redeem") + "?" + urlencode(url_params)
        return ctx


@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2023-07-21 13:02+0000\n"
+"POT-Creation-Date: 2023-07-27 11:50+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -7,7 +7,7 @@ msgstr ""
 "Project-Id-Version: French\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2023-07-21 11:46+0000\n"
-"PO-Revision-Date: 2023-07-19 17:00+0000\n"
+"PO-Revision-Date: 2023-08-02 02:00+0000\n"
 "Last-Translator: Ronan LE MEILLAT <ronan.le_meillat@highcanfly.club>\n"
 "Language-Team: French <https://translate.pretix.eu/projects/pretix/pretix-js/"
 "fr/>\n"
@@ -16,7 +16,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=n > 1;\n"
-"X-Generator: Weblate 4.17\n"
+"X-Generator: Weblate 4.18.2\n"

 #: pretix/plugins/banktransfer/static/pretixplugins/banktransfer/ui.js:56
 #: pretix/plugins/banktransfer/static/pretixplugins/banktransfer/ui.js:62
@@ -63,7 +63,7 @@ msgstr "iDEAL"

 #: pretix/plugins/paypal2/static/pretixplugins/paypal2/pretix-paypal.js:42
 msgid "SEPA Direct Debit"
-msgstr "Débit direct SEPA"
+msgstr "Prélèvement SEPA"

 #: pretix/plugins/paypal2/static/pretixplugins/paypal2/pretix-paypal.js:43
 msgid "Bancontact"
@@ -679,10 +679,8 @@ msgid "Your local time:"
 msgstr "Votre heure locale :"

 #: pretix/static/pretixpresale/js/walletdetection.js:39
-#, fuzzy
-#| msgid "Apple Pay"
 msgid "Google Pay"
-msgstr "Apple Pay"
+msgstr "Google Pay"

 #: pretix/static/pretixpresale/js/widget/widget.js:17
 msgctxt "widget"
@@ -77,6 +77,8 @@ def get_event_domain(event, fallback=False, return_info=False):

 def get_organizer_domain(organizer):
    assert isinstance(organizer, Organizer)
+    if not organizer.pk:
+        return None
    domain = getattr(organizer, '_cached_domain', None) or organizer.cache.get('domain')
    if domain is None:
        domains = organizer.domains.filter(event__isnull=True)
@@ -126,7 +128,7 @@ def eventreverse(obj, name, kwargs=None):
    :param kwargs: A dictionary of additional keyword arguments that should be used. You do not
        need to provide the organizer or event slug here, it will be added automatically as
        needed.
-    :returns: An absolute URL (including scheme and host) as a string
+    :returns: An absolute or relative URL as a string
    """
    from pretix.multidomain import (
        event_domain_urlconf, maindomain_urlconf, organizer_domain_urlconf,
@@ -175,6 +177,17 @@ def eventreverse(obj, name, kwargs=None):


 def build_absolute_uri(obj, urlname, kwargs=None):
+    """
+    Works similar to ``eventreverse`` but always returns an absolute URL.
+
+    :param obj: An ``Event`` or ``Organizer`` object
+    :param name: The name of the URL route
+    :type name: str
+    :param kwargs: A dictionary of additional keyword arguments that should be used. You do not
+        need to provide the organizer or event slug here, it will be added automatically as
+        needed.
+    :returns: An absolute URL (including scheme and host) as a string
+    """
    reversedurl = eventreverse(obj, urlname, kwargs)
    if '://' in reversedurl:
        return reversedurl
@@ -535,9 +535,11 @@ class BankTransfer(BasePaymentProvider):
            'eu_barcodes': self.event.currency == 'EUR',
            'pending_description': self.settings.get('pending_description', as_type=LazyI18nString),
            'details': self.settings.get('bank_details', as_type=LazyI18nString),
+            'has_invoices': payment.order.invoices.exists(),
+            'invoice_email_enabled': self.settings.get('invoice_email', as_type=bool),
        }
        ctx['any_barcodes'] = ctx['swiss_qrbill'] or ctx['eu_barcodes']
-        return template.render(ctx)
+        return template.render(ctx, request=request)

    def payment_control_render(self, request: HttpRequest, payment: OrderPayment) -> str:
        warning = None
@@ -11,10 +11,10 @@
            <span class="icon icon-upload"></span> {% trans "Continue" %}
        </button>
        <div class="flipped-scroll-wrapper clearfix">
-            <table class="table table-condensed flipped-scroll-inner">
+            <table class="table table-condensed table-th-sticky-horizontal flipped-scroll-inner">
                <thead>
                <tr>
-                    <th>{% trans "Date" %}</th>
+                    <th scope="row">{% trans "Date" %}</th>
                    {% for col in rows.0 %}
                        <th>
                            <input type="radio" name="date" value="{{ forloop.counter0 }}"/>
@@ -22,7 +22,7 @@
                    {% endfor %}
                </tr>
                <tr>
-                    <th>{% trans "Amount" %}</th>
+                    <th scope="row">{% trans "Amount" %}</th>
                    {% for col in rows.0 %}
                        <th>
                            <input type="radio" name="amount" value="{{ forloop.counter0 }}" required="required"/>
@@ -30,7 +30,7 @@
                    {% endfor %}
                </tr>
                <tr>
-                    <th>{% trans "Reference" %}</th>
+                    <th scope="row">{% trans "Reference" %}</th>
                    {% for col in rows.0 %}
                        <th>
                            <input type="checkbox" name="reference" value="{{ forloop.counter0 }}"/>
@@ -38,7 +38,7 @@
                    {% endfor %}
                </tr>
                <tr>
-                    <th>{% trans "Payer" %}</th>
+                    <th scope="row">{% trans "Payer" %}</th>
                    {% for col in rows.0 %}
                        <th>
                            <input type="checkbox" name="payer" value="{{ forloop.counter0 }}"/>
@@ -46,7 +46,7 @@
                    {% endfor %}
                </tr>
                <tr>
-                    <th>
+                    <th scope="row">
                        {% trans "IBAN" %}
                        <label for="id_iban_clear">
                            <span class="btn btn-default btn-sm fa fa-close"></span>
@@ -62,7 +62,7 @@
                    {% endfor %}
                </tr>
                <tr>
-                    <th>
+                    <th scope="row">
                        {% trans "BIC" %}
                        <label for="id_bic_clear">
                            <span class="btn btn-default btn-sm fa fa-close"></span>
@@ -7,6 +7,7 @@
 {% load money %}
 {% load unidecode %}
 {% load rich_text %}
+{% load eventurl %}

 {% if pending_description %}
    {{ pending_description|rich_text }}
@@ -103,3 +104,28 @@ SCT
 {% if swiss_qrbill %}
 <link rel="stylesheet" href="{% static "pretixplugins/banktransfer/swisscross.css" %}">
 {% endif %}
+
+{% if invoice_email_enabled and has_invoices %}
+    <form method="post" action="{% eventurl event "plugins:banktransfer:mail_invoice" order=order.code secret=order.secret %}">
+        {% csrf_token %}
+        <p>
+            {% blocktrans trimmed %}
+                To send the invoice directly to your accounting department, please enter their email address:
+            {% endblocktrans %}
+        </p>
+        <div class="row">
+            <div class="col-md-9 col-xs-12">
+                <label for="mail_invoice_email" class="sr-only">{% trans "Invoice recipient email" %}:</label>
+                <input type="email" name="email" id="mail_invoice_email" class="form-control" value="" required
+                    placeholder="{% trans "Email address" %}" />
+            </div>
+            <div class="col-md-3 col-xs-12">
+                <button class="btn btn-default btn-block">
+                    <span class="fa fa-envelope-o" aria-hidden="true"></span>
+                    {% trans "Send invoice via email" %}
+                </button>
+            </div>
+        </div>
+    </form>
+    <hr>
+{% endif %}
@@ -19,13 +19,19 @@
 # You should have received a copy of the GNU Affero General Public License along with this program.  If not, see
 # <https://www.gnu.org/licenses/>.
 #
-from django.urls import re_path
+from django.urls import include, re_path

 from pretix.api.urls import orga_router
 from pretix.plugins.banktransfer.api import BankImportJobViewSet

 from . import views

+event_patterns = [
+    re_path(r'^banktransfer/', include([
+        re_path(r'^(?P<order>[^/][^w]+)/(?P<secret>[A-Za-z0-9]+)/mail-invoice/$', views.SendInvoiceMailView.as_view(), name='mail_invoice'),
+    ])),
+]
+
 urlpatterns = [
    re_path(r'^control/organizer/(?P<organizer>[^/]+)/banktransfer/import/',
            views.OrganizerImportView.as_view(),
@@ -44,14 +44,18 @@ from typing import Set

 from django import forms
 from django.contrib import messages
+from django.core.exceptions import ValidationError
+from django.core.validators import validate_email
 from django.db import transaction
 from django.db.models import Count, Q, QuerySet
-from django.http import FileResponse, JsonResponse
+from django.http import FileResponse, Http404, JsonResponse
 from django.shortcuts import get_object_or_404, redirect, render
 from django.urls import reverse
+from django.utils.decorators import method_decorator
 from django.utils.functional import cached_property
 from django.utils.timezone import now
 from django.utils.translation import gettext as _
+from django.views.decorators.clickjacking import xframe_options_exempt
 from django.views.generic import DetailView, FormView, ListView, View
 from django.views.generic.detail import SingleObjectMixin
 from localflavor.generic.forms import BICFormField, IBANFormField
@@ -75,6 +79,8 @@ from pretix.plugins.banktransfer.refund_export import (
    build_sepa_xml, get_refund_export_csv,
 )
 from pretix.plugins.banktransfer.tasks import process_banktransfers
+from pretix.presale.views import EventViewMixin
+from pretix.presale.views.order import OrderDetailMixin

 logger = logging.getLogger('pretix.plugins.banktransfer')

@@ -886,3 +892,36 @@ class OrganizerSepaXMLExportView(OrganizerPermissionRequiredMixin, OrganizerDeta
            organizer=self.request.organizer,
            pk=self.kwargs.get('id')
        )
+
+
+@method_decorator(xframe_options_exempt, 'dispatch')
+class SendInvoiceMailView(EventViewMixin, OrderDetailMixin, View):
+    def post(self, request, *args, **kwargs):
+        if not self.order:
+            raise Http404(_('Unknown order code or not authorized to access this order.'))
+        try:
+            validate_email(request.POST['email'])
+        except ValidationError:
+            messages.error(request, _('Please enter a valid email address.'))
+            return redirect(self.get_order_url())
+
+        last_payment = self.order.payments.last()
+        if (not last_payment
+                or last_payment.provider != BankTransfer.identifier
+                or last_payment.state != OrderPayment.PAYMENT_STATE_CREATED):
+            messages.error(request, _('No pending bank transfer payment found. Maybe the order has been paid already?'))
+            return redirect(self.get_order_url())
+        if not last_payment.payment_provider.settings.get('invoice_email', as_type=bool):
+            messages.error(request, _('Sending invoices via email is disabled by the event organizer.'))
+            return redirect(self.get_order_url())
+
+        last_invoice = self.order.invoices.last()
+        if not last_invoice:
+            messages.error(request, _('No invoice found, please request an invoice first.'))
+            return redirect(self.get_order_url())
+
+        provider = last_payment.payment_provider
+        provider.send_invoice_to_alternate_email(self.order, last_invoice, request.POST['email'])
+
+        messages.success(request, _('Sending the latest invoice via e-mail to {email}.').format(email=request.POST['email']))
+        return redirect(self.get_order_url())
@@ -5,9 +5,9 @@
    <div class="panel panel-default items">
        <div class="panel-heading">
            <h3 class="panel-title">
-                <strong>{{ position.item }}</strong>
+                <strong>{{ position.item.name }}</strong>
                {% if position.variation %}
-                    – {{ position.variation }}
+                    – {{ position.variation.value }}
                {% endif %}
            </h3>
        </div>
@@ -0,0 +1,66 @@
+{% load i18n %}
+{% load eventurl %}
+{% if ev.location and show_location %}
+    <div class="info-row">
+        <span class="fa fa-map-marker fa-fw" aria-hidden="true" title="{% trans "Where does the event happen?" %}"></span>
+        <p><span class="sr-only">{% trans "Where does the event happen?" %}</span>
+            {{ ev.location|linebreaksbr }}
+        </p>
+    </div>
+{% endif %}
+{% if ev.settings.show_dates_on_frontpage %}
+    <div class="info-row">
+        <span class="fa fa-clock-o fa-fw" aria-hidden="true" title="{% trans "When does the event happen?" %}"></span>
+        <p><span class="sr-only">{% trans "When does the event happen?" %}</span>
+            {{ ev.get_date_range_display_as_html }}
+            {% if event.settings.show_times %}
+                <br>
+                <span data-time="{{ ev.date_from.isoformat }}" data-timezone="{{ request.event.timezone }}">
+                    {% with time_human=ev.date_from|date:"TIME_FORMAT" time_24=ev.date_from|time:"H:i" %}
+                        {% blocktrans trimmed with time='<time datetime="'|add:time_24|add:'">'|add:time_human|add:"</time>"|safe %}
+                            Begin: {{ time }}
+                        {% endblocktrans %}
+                    {% endwith %}
+                </span>
+                {% if event.settings.show_date_to and ev.date_to %}
+                    <br>
+                    <span data-time="{{ ev.date_to.isoformat }}" data-timezone="{{ request.event.timezone }}">
+                        {% with time_human=ev.date_to|date:"TIME_FORMAT" time_24=ev.date_to|time:"H:i" %}
+                            {% blocktrans trimmed with time='<time datetime="'|add:time_24|add:'">'|add:time_human|add:"</time>"|safe %}
+                                End: {{ time }}
+                            {% endblocktrans %}
+                        {% endwith %}
+                    </span>
+                {% endif %}
+            {% endif %}
+            {% if ev.date_admission %}
+                <br>
+                {% if ev.date_admission|date:"SHORT_DATE_FORMAT" == ev.date_from|date:"SHORT_DATE_FORMAT" %}
+                    <span data-time="{{ ev.date_admission.isoformat }}" data-timezone="{{ request.event.timezone }}">
+                        {% with time_human=ev.date_admission|date:"TIME_FORMAT" time_24=ev.date_admission|time:"H:i" %}
+                            {% blocktrans trimmed with time='<time datetime="'|add:time_24|add:'">'|add:time_human|add:"</time>"|safe %}
+                                Admission: {{ time }}
+                            {% endblocktrans %}
+                        {% endwith %}
+                    </span>
+                {% else %}
+                    <span data-time="{{ ev.date_admission.isoformat }}" data-timezone="{{ request.event.timezone }}">
+                        {% with datetime_human=ev.date_admission|date:"SHORT_DATETIME_FORMAT" datetime_iso=ev.date_admission|time:"Y-m-d H:i" %}
+                            {% blocktrans trimmed with datetime='<time datetime="'|add:datetime_iso|add:'">'|add:datetime_human|add:"</time>"|safe %}
+                                Admission: {{ datetime }}
+                            {% endblocktrans %}
+                        {% endwith %}
+                    </span>
+                {% endif %}
+            {% endif %}
+            <br>
+            {% if subevent %}
+                <a href="{% eventurl event "presale:event.ical.download" subevent=subevent.pk %}">
+            {% else %}
+                <a href="{% eventurl event "presale:event.ical.download" %}">
+            {% endif %}
+            {% trans "Add to Calendar" %}
+            </a>
+        </p>
+    </div>
+{% endif %}
@@ -162,73 +162,8 @@
        {% endif %}
        {% if not cart_namespace or subevent %}
            <div>
-                {% if ev.location %}
-                    <div class="info-row">
-                        <span class="fa fa-map-marker fa-fw" aria-hidden="true" title="{% trans "Where does the event happen?" %}"></span>
-                        <p><span class="sr-only">{% trans "Where does the event happen?" %}</span>
-                            {{ ev.location|linebreaksbr }}
-                        </p>
-                    </div>
-                {% endif %}
-                {% if ev.settings.show_dates_on_frontpage %}
-                    <div class="info-row">
-                        <span class="fa fa-clock-o fa-fw" aria-hidden="true" title="{% trans "When does the event happen?" %}"></span>
-                        <p><span class="sr-only">{% trans "When does the event happen?" %}</span>
-                            {{ ev.get_date_range_display_as_html }}
-                            {% if event.settings.show_times %}
-                                <br>
-                                <span data-time="{{ ev.date_from.isoformat }}" data-timezone="{{ request.event.timezone }}">
-                                {% with time_human=ev.date_from|date:"TIME_FORMAT" time_24=ev.date_from|time:"H:i" %}
-                                    {% blocktrans trimmed with time='<time datetime="'|add:time_24|add:'">'|add:time_human|add:"</time>"|safe %}
-                                        Begin: {{ time }}
-                                    {% endblocktrans %}
-                                {% endwith %}
-                                </span>
-                                {% if event.settings.show_date_to and ev.date_to %}
-                                    <br>
-                                    <span data-time="{{ ev.date_to.isoformat }}" data-timezone="{{ request.event.timezone }}">
-                                    {% with time_human=ev.date_to|date:"TIME_FORMAT" time_24=ev.date_to|time:"H:i" %}
-                                        {% blocktrans trimmed with time='<time datetime="'|add:time_24|add:'">'|add:time_human|add:"</time>"|safe %}
-                                            End: {{ time }}
-                                        {% endblocktrans %}
-                                    {% endwith %}
-                                   </span>
-                                {% endif %}
-                            {% endif %}
-                            {% if ev.date_admission %}
-                                <br>
-                                {% if ev.date_admission|date:"SHORT_DATE_FORMAT" == ev.date_from|date:"SHORT_DATE_FORMAT" %}
-                                    <span data-time="{{ ev.date_admission.isoformat }}" data-timezone="{{ request.event.timezone }}">  
-                                    {% with time_human=ev.date_admission|date:"TIME_FORMAT" time_24=ev.date_admission|time:"H:i" %}
-                                        {% blocktrans trimmed with time='<time datetime="'|add:time_24|add:'">'|add:time_human|add:"</time>"|safe %}
-                                            Admission: {{ time }}
-                                        {% endblocktrans %}
-                                    {% endwith %}
-                                    </span>
-                                {% else %}
-                                    <span data-time="{{ ev.date_admission.isoformat }}" data-timezone="{{ request.event.timezone }}">
-                                    {% with datetime_human=ev.date_admission|date:"SHORT_DATETIME_FORMAT" datetime_iso=ev.date_admission|time:"Y-m-d H:i" %}
-                                        {% blocktrans trimmed with datetime='<time datetime="'|add:datetime_iso|add:'">'|add:datetime_human|add:"</time>"|safe %}
-                                            Admission: {{ datetime }}
-                                        {% endblocktrans %}
-                                    {% endwith %}
-                                    </span>
-                                {% endif %}
-                            {% endif %}
-                            <br>
-                            {% if subevent %}
-                                <a href="{% eventurl event "presale:event.ical.download" subevent=subevent.pk %}">
-                            {% else %}
-                                <a href="{% eventurl event "presale:event.ical.download" %}">
-                            {% endif %}
-                                {% trans "Add to Calendar" %}
-                            </a>
-                        </p>
-                    </div>
-                {% endif %}
-
+                {% include "pretixpresale/event/fragment_event_info.html" with event=request.event subevent=subevent ev=ev show_location=True %}
            </div>
-
            {% eventsignal event "pretix.presale.signals.front_page_top" request=request subevent=subevent %}
        {% endif %}

@@ -13,63 +13,28 @@
        {% include "pretixpresale/event/fragment_cart_box.html" with open=request.GET.show_cart %}
    {% endif %}

-    <h2>{% trans "Voucher redemption" %}</h2>
-
    {% if subevent %}
+        <h2>{% trans "Voucher redemption" %}</h2>
        {% if request.GET.subevent and subevent.pk|stringformat:"i" != request.GET.subevent %}
            <div class="alert alert-warning">
                {% trans "This voucher is valid only for the following specific date and time." %}
            </div>
        {% endif %}
        <h3>{{ subevent.name }}</h3>
-        {% with ev=subevent %}
-            <div class="info-row">
-                <span class="fa fa-clock-o fa-fw" aria-hidden="true"></span>
-                <p>
-                    {{ ev.get_date_range_display_as_html }}
-                    {% if event.settings.show_times %}
-                        <br>
-                        {% with time_human=ev.date_from|date:"TIME_FORMAT" time_24=ev.date_from|time:"H:i" %}
-                            {% blocktrans trimmed with time='<time datetime="'|add:time_24|add:'">'|add:time_human|add:"</time>"|safe %}
-                                Begin: {{ time }}
-                            {% endblocktrans %}
-                        {% endwith %}
-                        {% if event.settings.show_date_to and ev.date_to %}
-                            <br>
-                            {% with time_human=ev.date_to|date:"TIME_FORMAT" time_24=ev.date_to|time:"H:i" %}
-                                {% blocktrans trimmed with time='<time datetime="'|add:time_24|add:'">'|add:time_human|add:"</time>"|safe %}
-                                    End: {{ time }}
-                                {% endblocktrans %}
-                            {% endwith %}
-                        {% endif %}
-                    {% endif %}
-                    {% if ev.date_admission %}
-                        <br>
-                        {% if ev.date_admission|date:"SHORT_DATE_FORMAT" == ev.date_from|date:"SHORT_DATE_FORMAT" %}
-                            {% with time_human=ev.date_admission|date:"TIME_FORMAT" time_24=ev.date_admission|time:"H:i" %}
-                                {% blocktrans trimmed with time='<time datetime="'|add:time_24|add:'">'|add:time_human|add:"</time>"|safe %}
-                                    Admission: {{ time }}
-                                {% endblocktrans %}
-                            {% endwith %}
-                        {% else %}
-                            {% with datetime_human=ev.date_admission|date:"SHORT_DATETIME_FORMAT" datetime_iso=ev.date_admission|time:"Y-m-d H:i" %}
-                                {% blocktrans trimmed with datetime='<time datetime="'|add:datetime_iso|add:'">'|add:datetime_human|add:"</time>"|safe %}
-                                    Admission: {{ datetime }}
-                                {% endblocktrans %}
-                            {% endwith %}
-                        {% endif %}
-                    {% endif %}
-                    <br>
-                    {% if subevent %}
-                        <a href="{% eventurl event "presale:event.ical.download" subevent=subevent.pk %}">
-                    {% else %}
-                        <a href="{% eventurl event "presale:event.ical.download" %}">
-                    {% endif %}
-                        {% trans "Add to Calendar" %}
-                    </a>
-                </p>
-            </div>
-        {% endwith %}
+        {% include "pretixpresale/event/fragment_event_info.html" with event=request.event subevent=subevent ev=subevent show_location=True %}
+    {% else %}
+        {% if event_logo and event_logo_show_title %}
+            <h2 class="content-header">
+                {{ event.name }}
+                {% if request.event.settings.show_dates_on_frontpage %}
+                    <small>{{ event.get_date_range_display_as_html }}</small>
+                {% endif %}
+            </h2>
+            {% include "pretixpresale/event/fragment_event_info.html" with event=request.event subevent=None ev=request.event show_location=True %}
+            <h3>{% trans "Voucher redemption" %}</h3>
+        {% else %}
+            <h2>{% trans "Voucher redemption" %}</h2>
+        {% endif %}
    {% endif %}

    <p>
@@ -80,7 +80,15 @@
    "DATE_INPUT_FORMATS": [
      "%Y-%m-%d",
      "%m/%d/%Y",
-      "%m/%d/%y"
+      "%m/%d/%y",
+      "%b %d %Y",
+      "%b %d, %Y",
+      "%d %b %Y",
+      "%d %b, %Y",
+      "%B %d %Y",
+      "%B %d, %Y",
+      "%d %B %Y",
+      "%d %B, %Y"
    ],
    "DECIMAL_SEPARATOR": ".",
    "FIRST_DAY_OF_WEEK": 0,
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Richard Schreiber	e54837c532	remove print statement	2023-08-23 09:51:12 +02:00
Raphael Michel	bc49f0f7f1	Fix cache invalidation	2023-08-23 09:47:05 +02:00
Raphael Michel	3e122e0270	Fix quota cache mixup	2023-08-22 13:00:16 +02:00
Raphael Michel	e8ea6e0f5c	Item creation: Fix failing test	2023-08-22 12:59:57 +02:00
Raphael Michel	e94e5be878	Item creation: Fix bug in copying meta data	2023-08-22 11:32:43 +02:00
Richard Schreiber	1073ea626e	Banktransfer: make row-headers sticky (Z#23127000) (#3537 )	2023-08-22 10:53:26 +02:00
Raphael Michel	23ab8df443	Translations: Add Welsh	2023-08-22 10:53:15 +02:00
Kian Cross	d6caf01a38	Add warning about configuration of Celery in development mode to docs (#3525 )	2023-08-22 10:44:11 +02:00
Raphael Michel	1424ae78e9	Revert accidental change	2023-08-22 10:20:19 +02:00
Raphael Michel	827382edc3	Bump redis to 4.6.*	2023-08-22 09:43:21 +02:00
Maurice Kaag	85482bc939	Translations: Update French Currently translated at 100.0% (5400 of 5400 strings) Translation: pretix/pretix Translate-URL: https://translate.pretix.eu/projects/pretix/pretix/fr/ powered by weblate	2023-08-22 09:20:21 +02:00
Felix Hartnagel	42ce545f2f	Translations: Update German (informal) (de_Informal) Currently translated at 100.0% (5400 of 5400 strings) Translation: pretix/pretix Translate-URL: https://translate.pretix.eu/projects/pretix/pretix/de_Informal/ powered by weblate	2023-08-22 09:20:21 +02:00
Raphael Michel	e49bc5d78d	Item creation: Fix crash (PRETIXEU-8VE)	2023-08-22 09:14:23 +02:00
Richard Schreiber	6e7a32ef2a	Vouchers: improve batch-select UI	2023-08-22 09:11:14 +02:00
Raphael Michel	37df7a6313	Allow PDF variables to provide a bulk evaluation method (second try at #3517 ) (#3535 )	2023-08-21 17:59:55 +02:00
Raphael Michel	d5951415a4	Item creation: Fix saving meta data (#3534 )	2023-08-21 16:21:17 +02:00
Raphael Michel	691159ed83	Check-in list: Fix ordering by seat	2023-08-21 15:41:50 +02:00
Raphael Michel	18f517af44	Waiting list: Extend compatibility note	2023-08-21 14:52:39 +02:00
Raphael Michel	89ba2da7e7	QR code generator for voucher URLs and general URLs (#3518 ) * QR code generator: Allow other URLs to be used (e.g. for plugins) * Add QR code to voucher URL view * Fix allowed_hosts --------- Co-authored-by: Richard Schreiber <schreiber@rami.io>	2023-08-17 10:10:27 +02:00
Raphael Michel	c1c47e50c3	Voucher redemption: Display event title in some cases (#3519 ) * Voucher redemption: Display event title in some cases (Z#23127871) * Remove unnecessary "with" statement * fix indentation --------- Co-authored-by: Richard Schreiber <schreiber@rami.io>	2023-08-17 09:17:47 +02:00
Richard Schreiber	f262cd632c	Chekout: make disabling sneak-peek more robust (#3527 )	2023-08-16 15:02:02 +02:00
Richard Schreiber	8d58294af1	Fix typeahead item variations order_by	2023-08-16 10:01:27 +02:00
Richard Schreiber	ddc94a8a16	Revert "Allow PDF variables to provide a bulk evaluation method (#3517 )" This reverts commit `6ada83df9a`.	2023-08-14 15:11:13 +02:00
Raphael Michel	83811c0343	Fix minor CSS issue in button groups	2023-08-10 14:12:19 +02:00
Raphael Michel	b2c05a72e5	Voucher list: Fix ordering by product	2023-08-10 11:29:10 +02:00
Martin Gross	8c56a23562	Add logentry plain for pretix.giftcards.acceptance.acceptor.removed	2023-08-10 11:21:54 +02:00
Raphael Michel	53e1d9c6c4	Tests: Fix improper cleanup of SITE_URL	2023-08-10 11:20:26 +02:00
Mira	6250ab2165	Bank transfer: Allow customer to send latest invoice via email (Z#207218) (#3511 ) Co-authored-by: Raphael Michel <michel@rami.io>	2023-08-09 18:23:45 +02:00
Raphael Michel	6ada83df9a	Allow PDF variables to provide a bulk evaluation method (#3517 )	2023-08-09 18:22:56 +02:00
Raphael Michel	cfd6376936	Fix transaction view after Django upgrade	2023-08-09 17:11:20 +02:00
Raphael Michel	edb0cd0941	Update STORAGES in docker settings	2023-08-09 15:01:21 +02:00
Raphael Michel	88ac407cf3	Cart: Disable sneak peek on very small carts (#3512 )	2023-08-09 14:53:50 +02:00
dependabot[bot]	5ba56fb5ac	Bump @babel/core from 7.22.5 to 7.22.9 in /src/pretix/static/npm_dir (#3501 ) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-08-09 14:53:34 +02:00
Raphael Michel	b51c9f7552	Upgrade to Django 4.2 (#3497 )	2023-08-09 14:47:41 +02:00
Ronan LE MEILLAT	0853296663	Translations: Update French Currently translated at 99.9% (5398 of 5400 strings) Translation: pretix/pretix Translate-URL: https://translate.pretix.eu/projects/pretix/pretix/fr/ powered by weblate	2023-08-09 14:47:26 +02:00
Raphael Michel	721e7549bc	Remove forgotten debug statement	2023-08-09 10:34:24 +02:00
Martin Gross	aee86de330	Import: Allow to import "False"-value (Z#23127414) (#3505 )	2023-08-08 15:36:51 +02:00
Raphael Michel	756a4355d1	Use newer postgres version for test	2023-08-08 15:32:02 +02:00
Mira	5119bbd0b1	Docs: Update i18n.rst (fix dead link) (#3513 )	2023-08-08 15:04:51 +02:00
Raphael Michel	728bd74e28	Organizer settings: Move save button to the left	2023-08-07 17:44:52 +02:00
Mira	015ffeecbf	Main menu: Add load indicator to event selector (#3508 )	2023-08-07 14:25:50 +02:00
Raphael Michel	0365f6d9fc	Order change manager: Set new expiry date if splitted order is pending (#3509 )	2023-08-07 14:13:44 +02:00
Raphael Michel	e208a79c32	Docs: Update implementation docs for URL routing (#3510 )	2023-08-07 14:13:19 +02:00
ticketflock	0037d37960	Translations: Add English (Old)	2023-08-07 14:04:34 +02:00
ticketflock	50d9b1e4a3	Translations: Add English (Middle)	2023-08-07 14:04:34 +02:00
Patrizia Cotza	7919d012e6	Translations: Update Spanish Currently translated at 58.5% (3159 of 5400 strings) Translation: pretix/pretix Translate-URL: https://translate.pretix.eu/projects/pretix/pretix/es/ powered by weblate	2023-08-07 14:04:34 +02:00
Ronan LE MEILLAT	327f95a9cc	Translations: Update French Currently translated at 100.0% (212 of 212 strings) Translation: pretix/pretix (JavaScript parts) Translate-URL: https://translate.pretix.eu/projects/pretix/pretix-js/fr/ powered by weblate	2023-08-07 14:04:34 +02:00
Ronan LE MEILLAT	98946ded4b	Translations: Update French Currently translated at 99.9% (5398 of 5400 strings) Translation: pretix/pretix Translate-URL: https://translate.pretix.eu/projects/pretix/pretix/fr/ powered by weblate	2023-08-07 14:04:34 +02:00
Ronan LE MEILLAT	cf47b69bd3	Translations: Update French Currently translated at 99.3% (5366 of 5400 strings) Translation: pretix/pretix Translate-URL: https://translate.pretix.eu/projects/pretix/pretix/fr/ powered by weblate	2023-08-07 14:04:34 +02:00
Raphael Michel	fa5c69ce0a	Translations: Update German (informal) (de_Informal) Currently translated at 100.0% (5400 of 5400 strings) Translation: pretix/pretix Translate-URL: https://translate.pretix.eu/projects/pretix/pretix/de_Informal/ powered by weblate	2023-08-07 14:04:34 +02:00
Raphael Michel	39d85fc112	Event creation: Fix rare crash (PRETIXEU-8RD)	2023-08-07 09:47:14 +02:00
Mira	23e222bf13	Sidebar dropdown: remove menu load delay	2023-08-03 14:28:59 +02:00
Raphael Michel	cb068b029f	Wallet detection: Fix race condition	2023-07-28 17:31:47 +02:00
Raphael Michel	9e95f3be1b	Wallet detection: Extend CSP header for google pay	2023-07-28 16:49:11 +02:00
Raphael Michel	401c02865b	Voucher form: Sort quotas by date	2023-07-28 16:29:03 +02:00
Raphael Michel	062450002d	Bump to 2023.8.0.dev0	2023-07-28 09:30:04 +02:00
Raphael Michel	6d834762c4	Bump to 2023.7.0	2023-07-28 09:29:07 +02:00
Raphael Michel	4f1e9a31c6	Translations: Update German (informal) (de_Informal) Currently translated at 100.0% (5400 of 5400 strings) Translation: pretix/pretix Translate-URL: https://translate.pretix.eu/projects/pretix/pretix/de_Informal/ powered by weblate	2023-07-27 14:17:58 +02:00
Raphael Michel	8ed3911dfb	Translations: Update German Currently translated at 100.0% (5400 of 5400 strings) Translation: pretix/pretix Translate-URL: https://translate.pretix.eu/projects/pretix/pretix/de/ powered by weblate	2023-07-27 14:17:58 +02:00
Raphael Michel	4562879cb2	Update po files [CI skip] Signed-off-by: Raphael Michel <michel@rami.io>	2023-07-27 13:50:15 +02:00
Raphael Michel	ef0024b2ef	Payment deadline delay: Respect week days	2023-07-27 13:49:31 +02:00
Raphael Michel	8e603410fa	Update po files [CI skip] Signed-off-by: Raphael Michel <michel@rami.io>	2023-07-27 10:38:23 +02:00
Raphael Michel	16691ca2f6	Prevent `65ecdc184` clashing with forms that have a field called `template`	2023-07-26 19:18:53 +02:00
Raphael Michel	d7e70fd0b9	Order change: Do not expose internal name	2023-07-26 15:41:15 +02:00
Raphael Michel	071a3e2c9b	PDF layouts: Allow negative numbers in JSON schema	2023-07-26 15:41:15 +02:00
Raphael Michel	1733c383b3	Docs: Add description of NFC support (#3494 ) * Add documentation on NFC support * Add a . * Update doc/development/nfc/uid.rst Co-authored-by: robbi5 <richt@rami.io> --------- Co-authored-by: robbi5 <richt@rami.io>	2023-07-26 13:26:00 +02:00