Order search: Proper input validation with error feedback for advanced search (#4920)

2026-05-05 15:14:04 +00:00 · 2025-03-18 09:01:13 +01:00
parent f475781a89
commit 0236911a88
2 changed files with 22 additions and 1 deletions
--- a/src/pretix/control/views/orders.py
+++ b/src/pretix/control/views/orders.py
@@ -172,6 +172,26 @@ class OrderSearch(OrderSearchMixin, EventPermissionRequiredMixin, TemplateView):
        ctx['forms'] = self.get_forms()
        return ctx

+    def post(self, request, *args, **kwargs):
+        all_valid = True
+        for f in self.get_forms():
+            if not f.is_valid():
+                all_valid = False
+
+        if all_valid:
+            data = request.POST.copy()
+            data.pop('csrfmiddlewaretoken', None)
+            return redirect(reverse(
+                "control:event.orders",
+                kwargs={
+                    "event": request.event.slug,
+                    "organizer": request.event.organizer.slug,
+                }
+            ) + '?' + data.urlencode())
+        else:
+            messages.error(request, _("We could not process your input. See below for details."))
+            return self.get(request, *args, **kwargs)
+

 class BaseOrderBulkActionView(OrderSearchMixin, EventPermissionRequiredMixin, AsyncFormView):
    template_name = 'pretixcontrol/orders/bulk_action.html'