From 02fb27fa5dff8cc6101ee28f9d822678d6ad5f11 Mon Sep 17 00:00:00 2001
From: Raphael Michel <mail@raphaelmichel.de>
Date: Sun, 10 Apr 2016 17:30:24 +0200
Subject: [PATCH] Externalize more resources, implement Content-Security-Policy
 headers

---
 src/pretix/base/middleware.py                 |  41 +++
 .../pretixcontrol/attendees/index.html        |   2 +-
 .../control/templates/pretixcontrol/base.html |   1 +
 .../help/payment/fee_reverse.html             |   4 +-
 .../templates/pretixcontrol/order/index.html  |   2 +-
 .../templates/pretixcontrol/orders/index.html |   4 +-
 src/pretix/locale/de/LC_MESSAGES/django.po    | 313 ++++++++++--------
 src/pretix/locale/de/LC_MESSAGES/djangojs.po  |  26 +-
 .../locale/de_Informal/LC_MESSAGES/django.po  | 313 ++++++++++--------
 .../de_Informal/LC_MESSAGES/djangojs.po       |  26 +-
 .../banktransfer/import_assign.html           |   4 +-
 .../banktransfer/import_confirm.html          |   2 +-
 .../pretixplugins/statistics/statistics.js    |  13 +-
 .../pretixplugins/statistics/index.html       |   7 +-
 src/pretix/plugins/statistics/views.py        |  10 +-
 .../pretixplugins/stripe/pretix-stripe.js     |   6 +-
 .../pretixplugins/stripe/presale_head.html    |   6 +-
 src/pretix/settings.py                        |   1 +
 src/static/pretixcontrol/scss/main.scss       |  10 +
 19 files changed, 494 insertions(+), 297 deletions(-)

diff --git a/src/pretix/base/middleware.py b/src/pretix/base/middleware.py
index 580eaeaddc..313ba60361 100644
--- a/src/pretix/base/middleware.py
+++ b/src/pretix/base/middleware.py
@@ -129,3 +129,44 @@ def get_language_from_request(request: HttpRequest) -> str:
         or get_language_from_browser(request)
         or get_default_language()
     )
+
+
+class SecurityMiddleware:
+
+    def _parse_csp(self, header):
+        h = {}
+        for part in header.split(';'):
+            k, v = part.split(' ', 1)
+            h[k] = v
+        return h
+
+    def _render_csp(self, h):
+        return "; ".join(k + ' ' + v for k, v in h.items())
+
+    def process_response(self, request, resp):
+        resp['X-XSS-Protection'] = '1'
+        h = {
+            'default-src': "{static}",
+            'script-src': '{static} https://js.stripe.com',
+            'object-src': "'none'",
+            'frame-src': "'none'",
+            'style-src': "{static}",
+            'img-src': "{static} data:",
+            'form-action': "{dynamic}",
+        }
+        if 'Content-Security-Policy' in resp:
+            h.update(self._parse_csp(resp['Content-Security-Policy']))
+
+        staticdomain = "'self'"
+        dynamicdomain = "'self'"
+        if settings.STATIC_URL.startswith('http'):
+            staticdomain += " " + settings.STATIC_URL[:settings.STATIC_URL.find('/', 9)]
+        if settings.SITE_URL.startswith('http'):
+            if settings.SITE_URL.find('/', 9) > 0:
+                staticdomain += " " + settings.SITE_URL[:settings.SITE_URL.find('/', 9)]
+                dynamicdomain += " " + settings.SITE_URL[:settings.SITE_URL.find('/', 9)]
+            else:
+                staticdomain += " " + settings.SITE_URL
+                dynamicdomain += " " + settings.SITE_URL
+        resp['Content-Security-Policy'] = self._render_csp(h).format(static=staticdomain, dynamic=dynamicdomain)
+        return resp
diff --git a/src/pretix/control/templates/pretixcontrol/attendees/index.html b/src/pretix/control/templates/pretixcontrol/attendees/index.html
index b23ccb771c..93c33fe98f 100644
--- a/src/pretix/control/templates/pretixcontrol/attendees/index.html
+++ b/src/pretix/control/templates/pretixcontrol/attendees/index.html
@@ -4,7 +4,7 @@
 {% block content %}
 	<h1>{% trans "Attendees" %}</h1>
     <p>
-        <form class="form-inline" action="" method="get" style="display: inline;">
+        <form class="form-inline helper-display-inline" action="" method="get">
             <select name="status" class="form-control">
                 <option value="">{% trans "All attendees" %}</option>
                 <option value="p" {% if request.GET.status == "p" %}selected="selected"{% endif %}>{% trans "Paid" %}</option>
diff --git a/src/pretix/control/templates/pretixcontrol/base.html b/src/pretix/control/templates/pretixcontrol/base.html
index 50fc67b067..21d1fb97e3 100644
--- a/src/pretix/control/templates/pretixcontrol/base.html
+++ b/src/pretix/control/templates/pretixcontrol/base.html
@@ -9,6 +9,7 @@
 		{% compress css %}
     		<link rel="stylesheet" type="text/x-scss" href="{% static "pretixcontrol/scss/main.scss" %}" />
 		{% endcompress %}
+        <script type="text/javascript" src="{% url "javascript-catalog" %}"></script>
 		{% compress js %}
             <script type="text/javascript" src="{% static "jquery/js/jquery-2.1.1.min.js" %}"></script>
             <script type="text/javascript" src="{% static "js/jquery.formset.js" %}"></script>
diff --git a/src/pretix/control/templates/pretixcontrol/help/payment/fee_reverse.html b/src/pretix/control/templates/pretixcontrol/help/payment/fee_reverse.html
index 89937d6eab..b982483064 100644
--- a/src/pretix/control/templates/pretixcontrol/help/payment/fee_reverse.html
+++ b/src/pretix/control/templates/pretixcontrol/help/payment/fee_reverse.html
@@ -11,7 +11,7 @@
         <li>
             <strong>Method A: Calculate the fee from the subtotal and add it to the bill.</strong> For a ticket price of
             100 €, this will lead to the following calculation:
-            <table class="table" style="width: auto;">
+            <table class="table helper-width-auto">
                 <tr>
                     <td>Ticket price</td>
                     <td class="text-right">100.00 €</td>
@@ -37,7 +37,7 @@
         <li>
             <strong>Method B (default): Calculate the fee from the total value including the fee.</strong> For a ticket
             price of 100 €, this will lead to the following calculation:
-            <table class="table" style="width: auto;">
+            <table class="table helper-width-auto">
                 <tr>
                     <td>Ticket price</td>
                     <td class="text-right">100.00 €</td>
diff --git a/src/pretix/control/templates/pretixcontrol/order/index.html b/src/pretix/control/templates/pretixcontrol/order/index.html
index 16d54a018e..c68e9f3b96 100644
--- a/src/pretix/control/templates/pretixcontrol/order/index.html
+++ b/src/pretix/control/templates/pretixcontrol/order/index.html
@@ -72,7 +72,7 @@
                         <dt>{% trans "User" %}</dt>
                         <dd>
                             {{ order.email }}&nbsp;&nbsp;
-                            <form class="form-inline" style="display: inline;" method="post"
+                            <form class="form-inline helper-display-inline" method="post"
                                     action="{% url "control:event.order.resendlink" event=request.event.slug organizer=request.event.organizer.slug code=order.code %}">
                                 {% csrf_token %}
                                 <button class="btn btn-default btn-xs">
diff --git a/src/pretix/control/templates/pretixcontrol/orders/index.html b/src/pretix/control/templates/pretixcontrol/orders/index.html
index 941e00774e..93a1e54b02 100644
--- a/src/pretix/control/templates/pretixcontrol/orders/index.html
+++ b/src/pretix/control/templates/pretixcontrol/orders/index.html
@@ -4,7 +4,7 @@
 {% block content %}
 	<h1>{% trans "Orders" %}</h1>
     <p>
-        <form class="form-inline" style="display: inline;"
+        <form class="form-inline helper-display-inline"
               action="{% url "control:event.orders.go" event=request.event.slug organizer=request.event.organizer.slug %}">
             <div class="input-group">
                 <input type="text" name="code" class="form-control" placeholder="{% trans "Order code" %}">
@@ -13,7 +13,7 @@
                 </span>
             </div>
         </form>
-        <form class="form-inline" action="" method="get" style="display: inline;">
+        <form class="form-inline helper-display-inline" action="" method="get">
             <select name="status" class="form-control">
                 <option value="">{% trans "All orders" %}</option>
                 <option value="p" {% if request.GET.status == "p" %}selected="selected"{% endif %}>{% trans "Paid" %}</option>
diff --git a/src/pretix/locale/de/LC_MESSAGES/django.po b/src/pretix/locale/de/LC_MESSAGES/django.po
index 4fa1eba1c1..84e0eebacf 100644
--- a/src/pretix/locale/de/LC_MESSAGES/django.po
+++ b/src/pretix/locale/de/LC_MESSAGES/django.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: 1\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-03-24 17:04+0000\n"
+"POT-Creation-Date: 2016-04-10 15:19+0000\n"
 "PO-Revision-Date: 2016-03-24 18:08+0100\n"
 "Last-Translator: Raphael Michel <michel@rami.io>\n"
 "Language-Team: Raphael Michel <michel@rami.io>\n"
@@ -148,8 +148,8 @@ msgstr "Benutzer"
 msgid "%(family)s, %(given)s"
 msgstr "%(family)s, %(given)s"
 
-#: pretix/base/models/event.py:55 pretix/base/models/items.py:428
-#: pretix/base/models/orders.py:502 pretix/base/models/organizer.py:25
+#: pretix/base/models/event.py:55 pretix/base/models/items.py:441
+#: pretix/base/models/orders.py:505 pretix/base/models/organizer.py:25
 #: pretix/control/templates/pretixcontrol/order/index.html:215
 #: pretix/presale/templates/pretixpresale/event/checkout_confirm.html:77
 #: pretix/presale/templates/pretixpresale/event/order.html:137
@@ -227,14 +227,14 @@ msgid "Plugins"
 msgstr "Erweiterungen"
 
 #: pretix/base/models/event.py:99 pretix/base/models/items.py:109
-#: pretix/base/models/items.py:424 pretix/base/models/orders.py:95
-#: pretix/base/models/orders.py:464 pretix/base/models/vouchers.py:25
+#: pretix/base/models/items.py:437 pretix/base/models/orders.py:95
+#: pretix/base/models/orders.py:467 pretix/base/models/vouchers.py:25
 #: pretix/base/services/invoices.py:212
 msgid "Event"
 msgstr "Veranstaltung"
 
 #: pretix/base/models/event.py:100
-#: pretix/control/templates/pretixcontrol/base.html:98
+#: pretix/control/templates/pretixcontrol/base.html:99
 #: pretix/control/templates/pretixcontrol/events/index.html:3
 #: pretix/control/templates/pretixcontrol/events/index.html:5
 msgid "Events"
@@ -387,7 +387,7 @@ msgstr "Dieses Produkt wird nach diesem Termin nicht mehr verkauft."
 msgid "Product"
 msgstr "Produkt"
 
-#: pretix/base/models/items.py:176 pretix/base/models/items.py:346
+#: pretix/base/models/items.py:176 pretix/base/models/items.py:351
 #: pretix/control/templates/pretixcontrol/event/base.html:68
 #: pretix/control/templates/pretixcontrol/event/base.html:75
 #: pretix/control/templates/pretixcontrol/items/base.html:3
@@ -409,7 +409,7 @@ msgstr "Variante"
 msgid "Product variations"
 msgstr "Varianten"
 
-#: pretix/base/models/items.py:321 pretix/plugins/reports/exporters.py:157
+#: pretix/base/models/items.py:324 pretix/plugins/reports/exporters.py:157
 #: pretix/plugins/reports/exporters.py:158
 #: pretix/plugins/reports/exporters.py:159
 #: pretix/plugins/reports/exporters.py:160
@@ -417,69 +417,84 @@ msgstr "Varianten"
 msgid "Number"
 msgstr "Zahl"
 
-#: pretix/base/models/items.py:322
+#: pretix/base/models/items.py:325
 msgid "Text (one line)"
 msgstr "Text (einzeilig)"
 
-#: pretix/base/models/items.py:323
+#: pretix/base/models/items.py:326
 msgid "Multiline text"
 msgstr "Text (mehrzeilig)"
 
-#: pretix/base/models/items.py:324
+#: pretix/base/models/items.py:327
 msgid "Yes/No"
 msgstr "Ja/Nein"
 
-#: pretix/base/models/items.py:332 pretix/base/models/items.py:352
-#: pretix/control/templates/pretixcontrol/items/question.html:4
-#: pretix/control/templates/pretixcontrol/items/question.html:6
+#: pretix/base/models/items.py:328
+msgid "Choose one from a list"
+msgstr ""
+
+#: pretix/base/models/items.py:329
+msgid "Choose multiple from a list"
+msgstr ""
+
+#: pretix/base/models/items.py:337 pretix/base/models/items.py:357
+#: pretix/control/forms/item.py:25
+#: pretix/control/templates/pretixcontrol/items/question.html:5
+#: pretix/control/templates/pretixcontrol/items/question.html:7
 #: pretix/control/templates/pretixcontrol/items/questions.html:13
 msgid "Question"
 msgstr "Frage"
 
-#: pretix/base/models/items.py:337
+#: pretix/base/models/items.py:342
 msgid "Question type"
 msgstr "Art der Antwort"
 
-#: pretix/base/models/items.py:341
+#: pretix/base/models/items.py:346
 msgid "Required question"
 msgstr "Antwort erforderlich"
 
-#: pretix/base/models/items.py:348
+#: pretix/base/models/items.py:353
 msgid "This question will be asked to buyers of the selected products"
 msgstr "Diese Frage wird allen Käufern der ausgewählten Produkte gestellt"
 
-#: pretix/base/models/items.py:353
+#: pretix/base/models/items.py:358
 #: pretix/control/templates/pretixcontrol/event/base.html:92
 #: pretix/control/templates/pretixcontrol/items/questions.html:3
 #: pretix/control/templates/pretixcontrol/items/questions.html:5
 msgid "Questions"
 msgstr "Fragen"
 
-#: pretix/base/models/items.py:431
+#: pretix/base/models/items.py:376
+#, fuzzy
+#| msgid "Answers"
+msgid "Answer"
+msgstr "Antworten"
+
+#: pretix/base/models/items.py:444
 #: pretix/control/templates/pretixcontrol/items/quotas.html:15
 msgid "Total capacity"
 msgstr "Gesamtanzahl"
 
-#: pretix/base/models/items.py:433
+#: pretix/base/models/items.py:446
 msgid "Leave empty for an unlimited number of tickets."
 msgstr "Leer lassen für unbegrenzt viele Tickets."
 
-#: pretix/base/models/items.py:437 pretix/base/models/orders.py:325
+#: pretix/base/models/items.py:450 pretix/base/models/orders.py:328
 msgid "Item"
 msgstr "Produkt"
 
-#: pretix/base/models/items.py:445
+#: pretix/base/models/items.py:458
 #: pretix/control/templates/pretixcontrol/item/base.html:16
 msgid "Variations"
 msgstr "Varianten"
 
-#: pretix/base/models/items.py:449
+#: pretix/base/models/items.py:462
 #: pretix/control/templates/pretixcontrol/items/quota.html:4
 #: pretix/control/templates/pretixcontrol/items/quota.html:6
 msgid "Quota"
 msgstr "Kontingent"
 
-#: pretix/base/models/items.py:450
+#: pretix/base/models/items.py:463
 #: pretix/control/templates/pretixcontrol/event/base.html:80
 #: pretix/control/templates/pretixcontrol/items/quotas.html:3
 #: pretix/control/templates/pretixcontrol/items/quotas.html:5
@@ -526,14 +541,14 @@ msgstr "Status"
 msgid "Locale"
 msgstr "Sprache"
 
-#: pretix/base/models/orders.py:108 pretix/base/models/orders.py:471
+#: pretix/base/models/orders.py:108 pretix/base/models/orders.py:474
 #: pretix/plugins/banktransfer/templates/pretixplugins/banktransfer/import_assign.html:17
 #: pretix/plugins/banktransfer/templates/pretixplugins/banktransfer/import_confirm.html:13
 #: pretix/presale/templates/pretixpresale/organizers/index.html:22
 msgid "Date"
 msgstr "Datum"
 
-#: pretix/base/models/orders.py:111 pretix/base/models/orders.py:475
+#: pretix/base/models/orders.py:111 pretix/base/models/orders.py:478
 #: pretix/plugins/stripe/templates/pretixplugins/stripe/checkout_payment_form.html:23
 msgid "Expiration date"
 msgstr "Ablaufdatum"
@@ -575,7 +590,7 @@ msgstr "Der Bestellungsstatus wurde manuell verändert"
 msgid "Total amount"
 msgstr "Gesamtbetrag"
 
-#: pretix/base/models/orders.py:148 pretix/base/models/orders.py:393
+#: pretix/base/models/orders.py:148 pretix/base/models/orders.py:396
 #: pretix/plugins/banktransfer/templates/pretixplugins/banktransfer/import_confirm.html:17
 msgid "Order"
 msgstr "Bestellung"
@@ -596,25 +611,25 @@ msgstr "Die Zahlung kommt zu spät, um akzeptiert werden zu können."
 msgid "Some of the ordered products were no longer available."
 msgstr "Einige der ausgewählten Produkte sind nicht mehr verfügbar."
 
-#: pretix/base/models/orders.py:293
+#: pretix/base/models/orders.py:291
 #: pretix/control/templates/pretixcontrol/vouchers/index.html:28
 msgid "Yes"
 msgstr "Ja"
 
-#: pretix/base/models/orders.py:295
+#: pretix/base/models/orders.py:293
 #: pretix/control/templates/pretixcontrol/vouchers/index.html:28
 msgid "No"
 msgstr "Nein"
 
-#: pretix/base/models/orders.py:331
+#: pretix/base/models/orders.py:334
 msgid "Variation"
 msgstr "Variante"
 
-#: pretix/base/models/orders.py:336
+#: pretix/base/models/orders.py:339
 msgid "Price"
 msgstr "Preis"
 
-#: pretix/base/models/orders.py:340
+#: pretix/base/models/orders.py:343
 #: pretix/control/templates/pretixcontrol/attendees/index.html:34
 #: pretix/control/templates/pretixcontrol/order/index.html:122
 #: pretix/presale/forms/checkout.py:67
@@ -622,69 +637,69 @@ msgstr "Preis"
 msgid "Attendee name"
 msgstr "Name des Teilnehmers"
 
-#: pretix/base/models/orders.py:342
+#: pretix/base/models/orders.py:345
 msgid "Empty, if this product is not an admission ticket"
 msgstr "Leer, wenn dies kein Eintrittsticket ist"
 
-#: pretix/base/models/orders.py:399
+#: pretix/base/models/orders.py:402
 msgid "Tax rate"
 msgstr "Steuersatz"
 
-#: pretix/base/models/orders.py:403
+#: pretix/base/models/orders.py:406
 msgid "Tax value"
 msgstr "Steuer"
 
-#: pretix/base/models/orders.py:408
+#: pretix/base/models/orders.py:411
 msgid "Order position"
 msgstr "Bestelltes Produkt"
 
-#: pretix/base/models/orders.py:409
+#: pretix/base/models/orders.py:412
 msgid "Order positions"
 msgstr "Bestellzeile"
 
-#: pretix/base/models/orders.py:468
+#: pretix/base/models/orders.py:471
 msgid "Cart ID (e.g. session key)"
 msgstr "Warenkorb-ID (z.B. Session-ID)"
 
-#: pretix/base/models/orders.py:479
+#: pretix/base/models/orders.py:482
 msgid "Cart position"
 msgstr "Produkt im Warenkorb"
 
-#: pretix/base/models/orders.py:480
+#: pretix/base/models/orders.py:483
 msgid "Cart positions"
 msgstr "Produkte im Warenkorb"
 
-#: pretix/base/models/orders.py:501
+#: pretix/base/models/orders.py:504
 msgid "Company name"
 msgstr "Firmenname"
 
-#: pretix/base/models/orders.py:503
+#: pretix/base/models/orders.py:506
 #: pretix/control/templates/pretixcontrol/order/index.html:217
 #: pretix/presale/templates/pretixpresale/event/checkout_confirm.html:79
 #: pretix/presale/templates/pretixpresale/event/order.html:139
 msgid "Address"
 msgstr "Adresse"
 
-#: pretix/base/models/orders.py:504
+#: pretix/base/models/orders.py:507
 msgid "ZIP code"
 msgstr "Postleitzahl"
 
-#: pretix/base/models/orders.py:505
+#: pretix/base/models/orders.py:508
 msgid "City"
 msgstr "Ort"
 
-#: pretix/base/models/orders.py:506
+#: pretix/base/models/orders.py:509
 #: pretix/control/templates/pretixcontrol/order/index.html:221
 #: pretix/presale/templates/pretixpresale/event/checkout_confirm.html:83
 #: pretix/presale/templates/pretixpresale/event/order.html:143
 msgid "Country"
 msgstr "Land"
 
-#: pretix/base/models/orders.py:507
+#: pretix/base/models/orders.py:510
 msgid "Phone number"
 msgstr "Telefonnummer"
 
-#: pretix/base/models/orders.py:508
+#: pretix/base/models/orders.py:511
 #: pretix/control/templates/pretixcontrol/order/index.html:226
 #: pretix/presale/templates/pretixpresale/event/checkout_confirm.html:88
 #: pretix/presale/templates/pretixpresale/event/order.html:148
@@ -699,7 +714,7 @@ msgid "Organizer"
 msgstr "Veranstalter"
 
 #: pretix/base/models/organizer.py:44
-#: pretix/control/templates/pretixcontrol/base.html:104
+#: pretix/control/templates/pretixcontrol/base.html:105
 #: pretix/control/templates/pretixcontrol/organizers/index.html:3
 #: pretix/control/templates/pretixcontrol/organizers/index.html:5
 msgid "Organizers"
@@ -719,7 +734,7 @@ msgstr "Veranstalter-Berechtigungen"
 
 #: pretix/base/models/vouchers.py:28
 #: pretix/control/templates/pretixcontrol/vouchers/index.html:14
-#: pretix/presale/templates/pretixpresale/event/index.html:198
+#: pretix/presale/templates/pretixpresale/event/index.html:196
 msgid "Voucher code"
 msgstr "Gutscheincode"
 
@@ -784,6 +799,7 @@ msgstr "Gutschein"
 
 #: pretix/base/models/vouchers.py:77
 #: pretix/control/templates/pretixcontrol/event/base.html:138
+#: pretix/control/templates/pretixcontrol/items/quota.html:65
 #: pretix/control/templates/pretixcontrol/vouchers/index.html:3
 #: pretix/control/templates/pretixcontrol/vouchers/index.html:5
 msgid "Vouchers"
@@ -1258,13 +1274,13 @@ msgstr ""
 "probieren es dann erneut. Wenn das Problem fortbesteht, wenden Sie sich "
 "bitte an uns."
 
-#: pretix/base/templates/pretixbase/cachedfiles/pending.html:19
+#: pretix/base/templates/pretixbase/cachedfiles/pending.html:20
 msgid "We are preparing your file for download…"
 msgstr "Wir bereiten Ihre Datei zum Download vor…"
 
-#: pretix/base/templates/pretixbase/cachedfiles/pending.html:21
-#: pretix/presale/templates/pretixpresale/base.html:46
-#: pretix/presale/templates/pretixpresale/waiting.html:24
+#: pretix/base/templates/pretixbase/cachedfiles/pending.html:22
+#: pretix/presale/templates/pretixpresale/base.html:44
+#: pretix/presale/templates/pretixpresale/waiting.html:25
 msgid "If this takes longer than a few minutes, please contact us."
 msgstr ""
 "Wenn dies länger als ein paar Minuten dauert, kontaktieren Sie uns bitte."
@@ -1667,19 +1683,19 @@ msgstr "Download-Datum"
 msgid "Ticket download will be offered after this date."
 msgstr "Der Ticket-Download wird zu diesem Zeitpunkt freigeschaltet."
 
-#: pretix/control/forms/item.py:60
+#: pretix/control/forms/item.py:77
 msgid "Activate for"
 msgstr "aktiviert für"
 
-#: pretix/control/forms/item.py:68
+#: pretix/control/forms/item.py:85
 msgid "Activate"
 msgstr "aktiviert"
 
-#: pretix/control/forms/item.py:106
+#: pretix/control/forms/item.py:123
 msgid "The product should exist in multiple variations"
 msgstr "Das Produkt soll in mehreren Varianten existieren"
 
-#: pretix/control/forms/item.py:107
+#: pretix/control/forms/item.py:124
 msgid ""
 "Select this option e.g. for t-shirts that come in multiple sizes. You can "
 "select the variations in the next step."
@@ -1806,8 +1822,8 @@ msgid "Filter"
 msgstr "Filter"
 
 #: pretix/control/templates/pretixcontrol/auth/base.html:29
-#: pretix/control/templates/pretixcontrol/base.html:126
-#: pretix/presale/templates/pretixpresale/base.html:34
+#: pretix/control/templates/pretixcontrol/base.html:127
+#: pretix/presale/templates/pretixpresale/base.html:35
 #, python-format
 msgid "powered by <a %(a_attr)s>pretix</a>"
 msgstr "powered by <a %(a_attr)s>pretix</a>"
@@ -1848,8 +1864,8 @@ msgstr "Neues Passwort setzen"
 #: pretix/control/templates/pretixcontrol/item/index.html:32
 #: pretix/control/templates/pretixcontrol/item/variations.html:83
 #: pretix/control/templates/pretixcontrol/items/category.html:16
-#: pretix/control/templates/pretixcontrol/items/question.html:28
-#: pretix/control/templates/pretixcontrol/items/quota.html:46
+#: pretix/control/templates/pretixcontrol/items/question.html:82
+#: pretix/control/templates/pretixcontrol/items/quota.html:82
 #: pretix/control/templates/pretixcontrol/order/extend.html:22
 #: pretix/control/templates/pretixcontrol/organizers/create.html:17
 #: pretix/control/templates/pretixcontrol/organizers/detail.html:17
@@ -1866,21 +1882,21 @@ msgstr "Neuen Benutzer erstellen"
 msgid "Login"
 msgstr "Login"
 
-#: pretix/control/templates/pretixcontrol/base.html:30
+#: pretix/control/templates/pretixcontrol/base.html:31
 msgid "Toggle navigation"
 msgstr "Navigation umschalten"
 
-#: pretix/control/templates/pretixcontrol/base.html:49
-#: pretix/control/templates/pretixcontrol/base.html:76
+#: pretix/control/templates/pretixcontrol/base.html:50
+#: pretix/control/templates/pretixcontrol/base.html:77
 msgid "Event overview"
 msgstr "Überblick"
 
-#: pretix/control/templates/pretixcontrol/base.html:67
-#: pretix/control/templates/pretixcontrol/base.html:69
+#: pretix/control/templates/pretixcontrol/base.html:68
+#: pretix/control/templates/pretixcontrol/base.html:70
 msgid "Log out"
 msgstr "Abmelden"
 
-#: pretix/control/templates/pretixcontrol/base.html:92
+#: pretix/control/templates/pretixcontrol/base.html:93
 #: pretix/control/templates/pretixcontrol/dashboard.html:3
 #: pretix/control/templates/pretixcontrol/dashboard.html:5
 #: pretix/control/templates/pretixcontrol/event/base.html:10
@@ -2068,9 +2084,9 @@ msgstr "Installierte Erweiterungen"
 #: pretix/control/views/event.py:69 pretix/control/views/event.py:126
 #: pretix/control/views/event.py:195 pretix/control/views/event.py:255
 #: pretix/control/views/event.py:314 pretix/control/views/event.py:424
-#: pretix/control/views/item.py:139 pretix/control/views/item.py:298
-#: pretix/control/views/item.py:427 pretix/control/views/item.py:508
-#: pretix/control/views/item.py:537 pretix/control/views/item.py:601
+#: pretix/control/views/item.py:139 pretix/control/views/item.py:362
+#: pretix/control/views/item.py:502 pretix/control/views/item.py:583
+#: pretix/control/views/item.py:612 pretix/control/views/item.py:676
 #: pretix/control/views/organizer.py:38 pretix/control/views/user.py:29
 #: pretix/control/views/vouchers.py:82
 msgid "Your changes have been saved."
@@ -2106,8 +2122,8 @@ msgstr "Dieses Plugin hat folgende Probleme gemeldet:"
 #: pretix/control/templates/pretixcontrol/item/base.html:11
 #: pretix/control/templates/pretixcontrol/item/index.html:8
 #: pretix/control/templates/pretixcontrol/items/category.html:11
-#: pretix/control/templates/pretixcontrol/items/question.html:11
-#: pretix/control/templates/pretixcontrol/items/quota.html:11
+#: pretix/control/templates/pretixcontrol/items/question.html:12
+#: pretix/control/templates/pretixcontrol/items/quota.html:13
 #: pretix/control/templates/pretixcontrol/organizers/create.html:11
 #: pretix/control/templates/pretixcontrol/organizers/detail.html:11
 msgid "General information"
@@ -2144,7 +2160,7 @@ msgstr ""
 #: pretix/control/templates/pretixcontrol/events/index.html:9
 #: pretix/control/templates/pretixcontrol/events/start.html:3
 #: pretix/control/templates/pretixcontrol/events/start.html:5
-#: pretix/control/views/dashboards.py:148
+#: pretix/control/views/dashboards.py:149
 msgid "Create a new event"
 msgstr "Neue Veranstaltung erstellen"
 
@@ -2325,11 +2341,11 @@ msgstr "Neues Produkt hinzufügen"
 msgid "Product name"
 msgstr "Produktbezeichnung"
 
-#: pretix/control/templates/pretixcontrol/items/question.html:17
+#: pretix/control/templates/pretixcontrol/items/question.html:18
 msgid "Apply to products"
 msgstr "Auf Produkte anwenden"
 
-#: pretix/control/templates/pretixcontrol/items/question.html:21
+#: pretix/control/templates/pretixcontrol/items/question.html:22
 msgid ""
 "If you mark a Yes/No question as required, it means that the user has to "
 "select Yes and No is not accepted. If you want to allow both options, do not "
@@ -2338,6 +2354,22 @@ msgstr ""
 "Wenn Sie eine Ja/Nein-Frage als erforderlich markieren, muss der Benutzer "
 "„Ja” auswählen, „Nein“ wird nicht als Antwort akzeptiert."
 
+#: pretix/control/templates/pretixcontrol/items/question.html:28
+#, fuzzy
+#| msgid "Answers"
+msgid "Answer options"
+msgstr "Antworten"
+
+#: pretix/control/templates/pretixcontrol/items/question.html:30
+msgid "Only applicable if you choose 'Choose one/multiple from a list' above."
+msgstr ""
+
+#: pretix/control/templates/pretixcontrol/items/question.html:76
+#, fuzzy
+#| msgid "Add a new variation"
+msgid "Add a new option"
+msgstr "Neue Variante hinzufügen"
+
 #: pretix/control/templates/pretixcontrol/items/question_delete.html:4
 #: pretix/control/templates/pretixcontrol/items/question_delete.html:6
 msgid "Delete question"
@@ -2365,11 +2397,11 @@ msgstr "Frage erstellen"
 msgid "Type"
 msgstr "Typ"
 
-#: pretix/control/templates/pretixcontrol/items/quota.html:14
+#: pretix/control/templates/pretixcontrol/items/quota.html:16
 msgid "Items"
 msgstr "Produkte"
 
-#: pretix/control/templates/pretixcontrol/items/quota.html:16
+#: pretix/control/templates/pretixcontrol/items/quota.html:18
 msgid ""
 "Please select the products or product variations this quota should be "
 "applied to. If you apply two quotas to the same product, it will only be "
@@ -2380,6 +2412,38 @@ msgstr ""
 "hinzufügen, wird es nur verkauft, wenn <strong>beide</strong>Kontingente "
 "noch übrige Kapazität haben."
 
+#: pretix/control/templates/pretixcontrol/items/quota.html:51
+#, fuzzy
+#| msgid "Availability"
+msgid "Availability calculation"
+msgstr "Verfügbarkeit"
+
+#: pretix/control/templates/pretixcontrol/items/quota.html:53
+#, fuzzy
+#| msgid "Total amount"
+msgid "Total quota"
+msgstr "Gesamtbetrag"
+
+#: pretix/control/templates/pretixcontrol/items/quota.html:57
+msgid "Paid orders"
+msgstr "Bezahlte Bestellungen"
+
+#: pretix/control/templates/pretixcontrol/items/quota.html:61
+#, fuzzy
+#| msgid "Place binding order"
+msgid "Pending orders"
+msgstr "Zahlungspflichtig bestellen"
+
+#: pretix/control/templates/pretixcontrol/items/quota.html:69
+msgid "Current user's carts"
+msgstr ""
+
+#: pretix/control/templates/pretixcontrol/items/quota.html:73
+#, fuzzy
+#| msgid "Availability"
+msgid "Current availability"
+msgstr "Verfügbarkeit"
+
 #: pretix/control/templates/pretixcontrol/items/quota_delete.html:4
 #: pretix/control/templates/pretixcontrol/items/quota_delete.html:6
 msgid "Delete quota"
@@ -2504,8 +2568,8 @@ msgstr "nicht beantwortet"
 #: pretix/control/templates/pretixcontrol/order/index.html:161
 #: pretix/presale/templates/pretixpresale/event/fragment_cart.html:72
 #: pretix/presale/templates/pretixpresale/event/fragment_cart.html:90
-#: pretix/presale/templates/pretixpresale/event/index.html:118
-#: pretix/presale/templates/pretixpresale/event/index.html:169
+#: pretix/presale/templates/pretixpresale/event/index.html:117
+#: pretix/presale/templates/pretixpresale/event/index.html:167
 #, python-format
 msgid "incl. %(rate)s%% taxes"
 msgstr "inkl. %(rate)s%% MwSt."
@@ -2718,41 +2782,41 @@ msgstr ""
 msgid "You can now login using your new password."
 msgstr "Sie können sich nun mit Ihrem neuen Passwort anmelden."
 
-#: pretix/control/views/dashboards.py:41
+#: pretix/control/views/dashboards.py:42
 msgid "Attendees (ordered)"
 msgstr "Teilnehmer (bestellt)"
 
-#: pretix/control/views/dashboards.py:50
+#: pretix/control/views/dashboards.py:51
 msgid "Attendees (paid)"
 msgstr "Teilnehmer (bezahlt)"
 
-#: pretix/control/views/dashboards.py:60
+#: pretix/control/views/dashboards.py:61
 #, python-brace-format
 msgid "Total revenue ({currency})"
 msgstr "Gesamtumsatz ({currency})"
 
-#: pretix/control/views/dashboards.py:69
+#: pretix/control/views/dashboards.py:70
 msgid "Active products"
 msgstr "Aktive Produkte"
 
-#: pretix/control/views/dashboards.py:87
+#: pretix/control/views/dashboards.py:88
 #, python-brace-format
 msgid "{quota} left"
 msgstr "{quota} übrig"
 
-#: pretix/control/views/dashboards.py:100
+#: pretix/control/views/dashboards.py:101
 msgid "Your ticket shop is"
 msgstr "Ihr Ticket-Shop ist"
 
-#: pretix/control/views/dashboards.py:100
+#: pretix/control/views/dashboards.py:101
 msgid "Click here to change"
 msgstr "Hier klicken zum Ändern"
 
-#: pretix/control/views/dashboards.py:101
+#: pretix/control/views/dashboards.py:102
 msgid "live"
 msgstr "online"
 
-#: pretix/control/views/dashboards.py:101
+#: pretix/control/views/dashboards.py:102
 msgid "not yet public"
 msgstr "deaktiviert"
 
@@ -2814,7 +2878,7 @@ msgstr ""
 "Wir haben Ihren Shop ausgeschaltet. Sie können ihn hier jederzeit wieder "
 "einschalten."
 
-#: pretix/control/views/item.py:55 pretix/control/views/item.py:640
+#: pretix/control/views/item.py:55 pretix/control/views/item.py:715
 msgid "The requested product does not exist."
 msgstr "Das ausgewählte Produkt existiert nicht."
 
@@ -2839,7 +2903,7 @@ msgstr "Eine neue Kategorie wurde erstellt."
 msgid "The order of categories as been updated."
 msgstr "Die Reihenfolge der Kategorien wurde gespeichert."
 
-#: pretix/control/views/item.py:252 pretix/control/views/item.py:288
+#: pretix/control/views/item.py:252 pretix/control/views/item.py:348
 msgid "The requested question does not exist."
 msgstr "Die ausgewählte Frage existiert nicht."
 
@@ -2847,31 +2911,31 @@ msgstr "Die ausgewählte Frage existiert nicht."
 msgid "The selected question has been deleted."
 msgstr "Die ausgewählte Frage wurde gelöscht."
 
-#: pretix/control/views/item.py:328
+#: pretix/control/views/item.py:399
 msgid "The new question has been created."
 msgstr "Eine neue Frage wurde erstellt."
 
-#: pretix/control/views/item.py:404
+#: pretix/control/views/item.py:479
 msgid "The new quota has been created."
 msgstr "Ein neues Kontingent wurde erstellt."
 
-#: pretix/control/views/item.py:423 pretix/control/views/item.py:455
+#: pretix/control/views/item.py:498 pretix/control/views/item.py:530
 msgid "The requested quota does not exist."
 msgstr "Das ausgewählte Kontingent existiert nicht."
 
-#: pretix/control/views/item.py:468
+#: pretix/control/views/item.py:543
 msgid "The selected quota has been deleted."
 msgstr "Das ausgewählte Kontingent wurde gelöscht."
 
-#: pretix/control/views/item.py:491
+#: pretix/control/views/item.py:566
 msgid "The requested item does not exist."
 msgstr "Das ausgewählte Produkt existiert nicht."
 
-#: pretix/control/views/item.py:650
+#: pretix/control/views/item.py:725
 msgid "The selected product has been deleted."
 msgstr "Das ausgewählte Produkt wurde gelöscht."
 
-#: pretix/control/views/item.py:659
+#: pretix/control/views/item.py:734
 msgid "The selected product has been deactivated."
 msgstr "Das ausgewählte Produkt wurde deaktiviert."
 
@@ -3430,12 +3494,12 @@ msgstr "Dieses Plugin erlaubt, die pretixdroid-Android-App zu verwenden."
 msgid "pretixdroid"
 msgstr "pretixdroid"
 
-#: pretix/plugins/pretixdroid/templates/pretixplugins/pretixdroid/configuration.html:4
-#: pretix/plugins/pretixdroid/templates/pretixplugins/pretixdroid/configuration.html:6
+#: pretix/plugins/pretixdroid/templates/pretixplugins/pretixdroid/configuration.html:5
+#: pretix/plugins/pretixdroid/templates/pretixplugins/pretixdroid/configuration.html:7
 msgid "pretixdroid configuration"
 msgstr "pretixdroid-Konfiguration"
 
-#: pretix/plugins/pretixdroid/templates/pretixplugins/pretixdroid/configuration.html:7
+#: pretix/plugins/pretixdroid/templates/pretixplugins/pretixdroid/configuration.html:8
 msgid ""
 "pretixdroid is an Android app that you can use to control tickets at the "
 "entrance of your event. If you try to configure the app, it will ask you to "
@@ -3445,7 +3509,7 @@ msgstr ""
 "die Tickets konfigurieren können. Bei der Einrichtung der App werden Sie "
 "aufgefordert, den untenstehenden Code zu scannen."
 
-#: pretix/plugins/pretixdroid/templates/pretixplugins/pretixdroid/configuration.html:17
+#: pretix/plugins/pretixdroid/templates/pretixplugins/pretixdroid/configuration.html:14
 msgid "Reset authentication token"
 msgstr "Authentifizierungstoken zurücksetzen"
 
@@ -3523,20 +3587,6 @@ msgstr "Bestellungen nach Datum"
 msgid "Revenue over time"
 msgstr "Umsatzverlauf"
 
-#: pretix/plugins/statistics/templates/pretixplugins/statistics/index.html:38
-#: pretix/plugins/statistics/templates/pretixplugins/statistics/index.html:61
-msgid "Placed orders"
-msgstr "Getätigte Bestellungen"
-
-#: pretix/plugins/statistics/templates/pretixplugins/statistics/index.html:38
-#: pretix/plugins/statistics/templates/pretixplugins/statistics/index.html:61
-msgid "Paid orders"
-msgstr "Bezahlte Bestellungen"
-
-#: pretix/plugins/statistics/templates/pretixplugins/statistics/index.html:50
-msgid "Total revenue"
-msgstr "Gesamtumsatz"
-
 #: pretix/plugins/stripe/__init__.py:18
 msgid "This plugin allows you to receive credit card payments via Stripe"
 msgstr "Dieses Plugin erlaubt, Kreditkartenzahlungen über Stripe anzunehmen"
@@ -3693,10 +3743,6 @@ msgstr ""
 msgid "Unknown reason"
 msgstr "Unbekannter Grund"
 
-#: pretix/plugins/stripe/templates/pretixplugins/stripe/presale_head.html:10
-msgid "Contacting Stripe…"
-msgstr "Kontaktiere Stripe…"
-
 #: pretix/plugins/ticketoutputpdf/__init__.py:11
 #: pretix/plugins/ticketoutputpdf/__init__.py:15
 msgid "PDF ticket output"
@@ -3838,9 +3884,8 @@ msgstr ""
 "Die ausgewählte Veranstaltung oder der gesuchte Veranstalter wurde nicht "
 "gefunden."
 
-#: pretix/presale/templates/pretixpresale/base.html:40
-#: pretix/presale/templates/pretixpresale/base.html:44
-#: pretix/presale/templates/pretixpresale/waiting.html:21
+#: pretix/presale/templates/pretixpresale/base.html:42
+#: pretix/presale/templates/pretixpresale/waiting.html:22
 msgid "We are processing your request…"
 msgstr "Wir verarbeiten Ihre Anfrage…"
 
@@ -3983,12 +4028,12 @@ msgstr "ab %(currency)s %(minprice)s"
 msgid "Show variants"
 msgstr "Varianten zeigen"
 
-#: pretix/presale/templates/pretixpresale/event/index.html:193
-#: pretix/presale/templates/pretixpresale/event/index.html:203
+#: pretix/presale/templates/pretixpresale/event/index.html:191
+#: pretix/presale/templates/pretixpresale/event/index.html:201
 msgid "Redeem a voucher"
 msgstr "Gutschein einlösen"
 
-#: pretix/presale/templates/pretixpresale/event/index.html:213
+#: pretix/presale/templates/pretixpresale/event/index.html:211
 msgid "Add to cart"
 msgstr "Zum Warenkorb hinzufügen"
 
@@ -4162,18 +4207,27 @@ msgstr "Sie können diese Bestellung nicht bearbeiten"
 msgid "Ticket download is not (yet) enabled."
 msgstr "Der Ticket-Download ist (noch) nicht freigeschaltet."
 
-#: pretix/settings.py:209
+#: pretix/settings.py:210
 msgid "English"
 msgstr "Englisch"
 
-#: pretix/settings.py:210
+#: pretix/settings.py:211
 msgid "German"
 msgstr "Deutsch"
 
-#: pretix/settings.py:211
+#: pretix/settings.py:212
 msgid "German (informal)"
 msgstr "Deutsch (Du)"
 
+#~ msgid "Placed orders"
+#~ msgstr "Getätigte Bestellungen"
+
+#~ msgid "Total revenue"
+#~ msgstr "Gesamtumsatz"
+
+#~ msgid "Contacting Stripe…"
+#~ msgstr "Kontaktiere Stripe…"
+
 #~ msgid "Sold out (or reserved)"
 #~ msgstr "Ausverkauft (oder reserviert)"
 
@@ -4524,9 +4578,6 @@ msgstr "Deutsch (Du)"
 #~ msgid "Create new item"
 #~ msgstr "Neues Produkt erstellen"
 
-#~ msgid "Answers"
-#~ msgstr "Antworten"
-
 #~ msgid "Session key"
 #~ msgstr "Sitzung"
 
diff --git a/src/pretix/locale/de/LC_MESSAGES/djangojs.po b/src/pretix/locale/de/LC_MESSAGES/djangojs.po
index a13c80727d..4e89b54f6c 100644
--- a/src/pretix/locale/de/LC_MESSAGES/djangojs.po
+++ b/src/pretix/locale/de/LC_MESSAGES/djangojs.po
@@ -7,17 +7,35 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-04-10 14:29+0000\n"
-"PO-Revision-Date: 2016-04-10 16:29+0200\n"
+"POT-Creation-Date: 2016-04-10 15:19+0000\n"
+"PO-Revision-Date: 2016-04-10 17:20+0200\n"
+"Last-Translator: Raphael Michel <michel@rami.io>\n"
+"Language-Team: \n"
 "Language: de\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"Last-Translator: Raphael Michel <michel@rami.io>\n"
-"Language-Team: \n"
 "X-Generator: Poedit 1.8.7.1\n"
 
+#: pretix/plugins/statistics/static/pretixplugins/statistics/statistics.js:9
+#: pretix/plugins/statistics/static/pretixplugins/statistics/statistics.js:32
+msgid "Placed orders"
+msgstr "Getätigte Bestellungen"
+
+#: pretix/plugins/statistics/static/pretixplugins/statistics/statistics.js:9
+#: pretix/plugins/statistics/static/pretixplugins/statistics/statistics.js:32
+msgid "Paid orders"
+msgstr "Bezahlte Bestellungen"
+
+#: pretix/plugins/statistics/static/pretixplugins/statistics/statistics.js:21
+msgid "Total revenue"
+msgstr "Gesamtumsatz"
+
+#: pretix/plugins/stripe/static/pretixplugins/stripe/pretix-stripe.js:47
+msgid "Contacting Stripe…"
+msgstr "Kontaktiere Stripe…"
+
 #: static/pretixpresale/js/ui/asynctask.js:59
 msgid "We are processing your request…"
 msgstr "Wir verarbeiten deine Anfrage…"
diff --git a/src/pretix/locale/de_Informal/LC_MESSAGES/django.po b/src/pretix/locale/de_Informal/LC_MESSAGES/django.po
index 329b539eda..5ef3c4e310 100644
--- a/src/pretix/locale/de_Informal/LC_MESSAGES/django.po
+++ b/src/pretix/locale/de_Informal/LC_MESSAGES/django.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: 1\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-03-24 17:04+0000\n"
+"POT-Creation-Date: 2016-04-10 15:19+0000\n"
 "PO-Revision-Date: 2016-03-24 18:09+0100\n"
 "Last-Translator: Raphael Michel <michel@rami.io>\n"
 "Language-Team: Raphael Michel <michel@rami.io>\n"
@@ -148,8 +148,8 @@ msgstr "Benutzer"
 msgid "%(family)s, %(given)s"
 msgstr "%(family)s, %(given)s"
 
-#: pretix/base/models/event.py:55 pretix/base/models/items.py:428
-#: pretix/base/models/orders.py:502 pretix/base/models/organizer.py:25
+#: pretix/base/models/event.py:55 pretix/base/models/items.py:441
+#: pretix/base/models/orders.py:505 pretix/base/models/organizer.py:25
 #: pretix/control/templates/pretixcontrol/order/index.html:215
 #: pretix/presale/templates/pretixpresale/event/checkout_confirm.html:77
 #: pretix/presale/templates/pretixpresale/event/order.html:137
@@ -227,14 +227,14 @@ msgid "Plugins"
 msgstr "Erweiterungen"
 
 #: pretix/base/models/event.py:99 pretix/base/models/items.py:109
-#: pretix/base/models/items.py:424 pretix/base/models/orders.py:95
-#: pretix/base/models/orders.py:464 pretix/base/models/vouchers.py:25
+#: pretix/base/models/items.py:437 pretix/base/models/orders.py:95
+#: pretix/base/models/orders.py:467 pretix/base/models/vouchers.py:25
 #: pretix/base/services/invoices.py:212
 msgid "Event"
 msgstr "Veranstaltung"
 
 #: pretix/base/models/event.py:100
-#: pretix/control/templates/pretixcontrol/base.html:98
+#: pretix/control/templates/pretixcontrol/base.html:99
 #: pretix/control/templates/pretixcontrol/events/index.html:3
 #: pretix/control/templates/pretixcontrol/events/index.html:5
 msgid "Events"
@@ -387,7 +387,7 @@ msgstr "Dieses Produkt wird nach diesem Termin nicht mehr verkauft."
 msgid "Product"
 msgstr "Produkt"
 
-#: pretix/base/models/items.py:176 pretix/base/models/items.py:346
+#: pretix/base/models/items.py:176 pretix/base/models/items.py:351
 #: pretix/control/templates/pretixcontrol/event/base.html:68
 #: pretix/control/templates/pretixcontrol/event/base.html:75
 #: pretix/control/templates/pretixcontrol/items/base.html:3
@@ -409,7 +409,7 @@ msgstr "Variante"
 msgid "Product variations"
 msgstr "Varianten"
 
-#: pretix/base/models/items.py:321 pretix/plugins/reports/exporters.py:157
+#: pretix/base/models/items.py:324 pretix/plugins/reports/exporters.py:157
 #: pretix/plugins/reports/exporters.py:158
 #: pretix/plugins/reports/exporters.py:159
 #: pretix/plugins/reports/exporters.py:160
@@ -417,69 +417,84 @@ msgstr "Varianten"
 msgid "Number"
 msgstr "Zahl"
 
-#: pretix/base/models/items.py:322
+#: pretix/base/models/items.py:325
 msgid "Text (one line)"
 msgstr "Text (einzeilig)"
 
-#: pretix/base/models/items.py:323
+#: pretix/base/models/items.py:326
 msgid "Multiline text"
 msgstr "Text (mehrzeilig)"
 
-#: pretix/base/models/items.py:324
+#: pretix/base/models/items.py:327
 msgid "Yes/No"
 msgstr "Ja/Nein"
 
-#: pretix/base/models/items.py:332 pretix/base/models/items.py:352
-#: pretix/control/templates/pretixcontrol/items/question.html:4
-#: pretix/control/templates/pretixcontrol/items/question.html:6
+#: pretix/base/models/items.py:328
+msgid "Choose one from a list"
+msgstr ""
+
+#: pretix/base/models/items.py:329
+msgid "Choose multiple from a list"
+msgstr ""
+
+#: pretix/base/models/items.py:337 pretix/base/models/items.py:357
+#: pretix/control/forms/item.py:25
+#: pretix/control/templates/pretixcontrol/items/question.html:5
+#: pretix/control/templates/pretixcontrol/items/question.html:7
 #: pretix/control/templates/pretixcontrol/items/questions.html:13
 msgid "Question"
 msgstr "Frage"
 
-#: pretix/base/models/items.py:337
+#: pretix/base/models/items.py:342
 msgid "Question type"
 msgstr "Art der Antwort"
 
-#: pretix/base/models/items.py:341
+#: pretix/base/models/items.py:346
 msgid "Required question"
 msgstr "Antwort erforderlich"
 
-#: pretix/base/models/items.py:348
+#: pretix/base/models/items.py:353
 msgid "This question will be asked to buyers of the selected products"
 msgstr "Diese Frage wird allen Käufern der ausgewählten Produkte gestellt"
 
-#: pretix/base/models/items.py:353
+#: pretix/base/models/items.py:358
 #: pretix/control/templates/pretixcontrol/event/base.html:92
 #: pretix/control/templates/pretixcontrol/items/questions.html:3
 #: pretix/control/templates/pretixcontrol/items/questions.html:5
 msgid "Questions"
 msgstr "Fragen"
 
-#: pretix/base/models/items.py:431
+#: pretix/base/models/items.py:376
+#, fuzzy
+#| msgid "Answers"
+msgid "Answer"
+msgstr "Antworten"
+
+#: pretix/base/models/items.py:444
 #: pretix/control/templates/pretixcontrol/items/quotas.html:15
 msgid "Total capacity"
 msgstr "Gesamtanzahl"
 
-#: pretix/base/models/items.py:433
+#: pretix/base/models/items.py:446
 msgid "Leave empty for an unlimited number of tickets."
 msgstr "Leer lassen für unbegrenzt viele Tickets."
 
-#: pretix/base/models/items.py:437 pretix/base/models/orders.py:325
+#: pretix/base/models/items.py:450 pretix/base/models/orders.py:328
 msgid "Item"
 msgstr "Produkt"
 
-#: pretix/base/models/items.py:445
+#: pretix/base/models/items.py:458
 #: pretix/control/templates/pretixcontrol/item/base.html:16
 msgid "Variations"
 msgstr "Varianten"
 
-#: pretix/base/models/items.py:449
+#: pretix/base/models/items.py:462
 #: pretix/control/templates/pretixcontrol/items/quota.html:4
 #: pretix/control/templates/pretixcontrol/items/quota.html:6
 msgid "Quota"
 msgstr "Kontingent"
 
-#: pretix/base/models/items.py:450
+#: pretix/base/models/items.py:463
 #: pretix/control/templates/pretixcontrol/event/base.html:80
 #: pretix/control/templates/pretixcontrol/items/quotas.html:3
 #: pretix/control/templates/pretixcontrol/items/quotas.html:5
@@ -526,14 +541,14 @@ msgstr "Status"
 msgid "Locale"
 msgstr "Sprache"
 
-#: pretix/base/models/orders.py:108 pretix/base/models/orders.py:471
+#: pretix/base/models/orders.py:108 pretix/base/models/orders.py:474
 #: pretix/plugins/banktransfer/templates/pretixplugins/banktransfer/import_assign.html:17
 #: pretix/plugins/banktransfer/templates/pretixplugins/banktransfer/import_confirm.html:13
 #: pretix/presale/templates/pretixpresale/organizers/index.html:22
 msgid "Date"
 msgstr "Datum"
 
-#: pretix/base/models/orders.py:111 pretix/base/models/orders.py:475
+#: pretix/base/models/orders.py:111 pretix/base/models/orders.py:478
 #: pretix/plugins/stripe/templates/pretixplugins/stripe/checkout_payment_form.html:23
 msgid "Expiration date"
 msgstr "Ablaufdatum"
@@ -575,7 +590,7 @@ msgstr "Der Bestellungsstatus wurde manuell verändert"
 msgid "Total amount"
 msgstr "Gesamtbetrag"
 
-#: pretix/base/models/orders.py:148 pretix/base/models/orders.py:393
+#: pretix/base/models/orders.py:148 pretix/base/models/orders.py:396
 #: pretix/plugins/banktransfer/templates/pretixplugins/banktransfer/import_confirm.html:17
 msgid "Order"
 msgstr "Bestellung"
@@ -596,25 +611,25 @@ msgstr "Die Zahlung kommt zu spät, um akzeptiert werden zu können."
 msgid "Some of the ordered products were no longer available."
 msgstr "Einige der ausgewählten Produkte sind nicht mehr verfügbar."
 
-#: pretix/base/models/orders.py:293
+#: pretix/base/models/orders.py:291
 #: pretix/control/templates/pretixcontrol/vouchers/index.html:28
 msgid "Yes"
 msgstr "Ja"
 
-#: pretix/base/models/orders.py:295
+#: pretix/base/models/orders.py:293
 #: pretix/control/templates/pretixcontrol/vouchers/index.html:28
 msgid "No"
 msgstr "Nein"
 
-#: pretix/base/models/orders.py:331
+#: pretix/base/models/orders.py:334
 msgid "Variation"
 msgstr "Variante"
 
-#: pretix/base/models/orders.py:336
+#: pretix/base/models/orders.py:339
 msgid "Price"
 msgstr "Preis"
 
-#: pretix/base/models/orders.py:340
+#: pretix/base/models/orders.py:343
 #: pretix/control/templates/pretixcontrol/attendees/index.html:34
 #: pretix/control/templates/pretixcontrol/order/index.html:122
 #: pretix/presale/forms/checkout.py:67
@@ -622,69 +637,69 @@ msgstr "Preis"
 msgid "Attendee name"
 msgstr "Name des Teilnehmers"
 
-#: pretix/base/models/orders.py:342
+#: pretix/base/models/orders.py:345
 msgid "Empty, if this product is not an admission ticket"
 msgstr "Leer, wenn dies kein Eintrittsticket ist"
 
-#: pretix/base/models/orders.py:399
+#: pretix/base/models/orders.py:402
 msgid "Tax rate"
 msgstr "Steuersatz"
 
-#: pretix/base/models/orders.py:403
+#: pretix/base/models/orders.py:406
 msgid "Tax value"
 msgstr "Steuer"
 
-#: pretix/base/models/orders.py:408
+#: pretix/base/models/orders.py:411
 msgid "Order position"
 msgstr "Bestelltes Produkt"
 
-#: pretix/base/models/orders.py:409
+#: pretix/base/models/orders.py:412
 msgid "Order positions"
 msgstr "Bestellzeile"
 
-#: pretix/base/models/orders.py:468
+#: pretix/base/models/orders.py:471
 msgid "Cart ID (e.g. session key)"
 msgstr "Warenkorb-ID (z.B. Session-ID)"
 
-#: pretix/base/models/orders.py:479
+#: pretix/base/models/orders.py:482
 msgid "Cart position"
 msgstr "Produkt im Warenkorb"
 
-#: pretix/base/models/orders.py:480
+#: pretix/base/models/orders.py:483
 msgid "Cart positions"
 msgstr "Produkte im Warenkorb"
 
-#: pretix/base/models/orders.py:501
+#: pretix/base/models/orders.py:504
 msgid "Company name"
 msgstr "Firmenname"
 
-#: pretix/base/models/orders.py:503
+#: pretix/base/models/orders.py:506
 #: pretix/control/templates/pretixcontrol/order/index.html:217
 #: pretix/presale/templates/pretixpresale/event/checkout_confirm.html:79
 #: pretix/presale/templates/pretixpresale/event/order.html:139
 msgid "Address"
 msgstr "Adresse"
 
-#: pretix/base/models/orders.py:504
+#: pretix/base/models/orders.py:507
 msgid "ZIP code"
 msgstr "Postleitzahl"
 
-#: pretix/base/models/orders.py:505
+#: pretix/base/models/orders.py:508
 msgid "City"
 msgstr "Ort"
 
-#: pretix/base/models/orders.py:506
+#: pretix/base/models/orders.py:509
 #: pretix/control/templates/pretixcontrol/order/index.html:221
 #: pretix/presale/templates/pretixpresale/event/checkout_confirm.html:83
 #: pretix/presale/templates/pretixpresale/event/order.html:143
 msgid "Country"
 msgstr "Land"
 
-#: pretix/base/models/orders.py:507
+#: pretix/base/models/orders.py:510
 msgid "Phone number"
 msgstr "Telefonnummer"
 
-#: pretix/base/models/orders.py:508
+#: pretix/base/models/orders.py:511
 #: pretix/control/templates/pretixcontrol/order/index.html:226
 #: pretix/presale/templates/pretixpresale/event/checkout_confirm.html:88
 #: pretix/presale/templates/pretixpresale/event/order.html:148
@@ -699,7 +714,7 @@ msgid "Organizer"
 msgstr "Veranstalter"
 
 #: pretix/base/models/organizer.py:44
-#: pretix/control/templates/pretixcontrol/base.html:104
+#: pretix/control/templates/pretixcontrol/base.html:105
 #: pretix/control/templates/pretixcontrol/organizers/index.html:3
 #: pretix/control/templates/pretixcontrol/organizers/index.html:5
 msgid "Organizers"
@@ -719,7 +734,7 @@ msgstr "Veranstalter-Berechtigungen"
 
 #: pretix/base/models/vouchers.py:28
 #: pretix/control/templates/pretixcontrol/vouchers/index.html:14
-#: pretix/presale/templates/pretixpresale/event/index.html:198
+#: pretix/presale/templates/pretixpresale/event/index.html:196
 msgid "Voucher code"
 msgstr "Gutscheincode"
 
@@ -784,6 +799,7 @@ msgstr "Gutschein"
 
 #: pretix/base/models/vouchers.py:77
 #: pretix/control/templates/pretixcontrol/event/base.html:138
+#: pretix/control/templates/pretixcontrol/items/quota.html:65
 #: pretix/control/templates/pretixcontrol/vouchers/index.html:3
 #: pretix/control/templates/pretixcontrol/vouchers/index.html:5
 msgid "Vouchers"
@@ -1257,13 +1273,13 @@ msgstr ""
 "Bitte gehe zurück zur letzten Seite, lade die Seite neu und probiere es dann "
 "erneut. Wenn das Problem fortbesteht, wende dich bitte an uns."
 
-#: pretix/base/templates/pretixbase/cachedfiles/pending.html:19
+#: pretix/base/templates/pretixbase/cachedfiles/pending.html:20
 msgid "We are preparing your file for download…"
 msgstr "Wir bereiten deine Datei zum Download vor…"
 
-#: pretix/base/templates/pretixbase/cachedfiles/pending.html:21
-#: pretix/presale/templates/pretixpresale/base.html:46
-#: pretix/presale/templates/pretixpresale/waiting.html:24
+#: pretix/base/templates/pretixbase/cachedfiles/pending.html:22
+#: pretix/presale/templates/pretixpresale/base.html:44
+#: pretix/presale/templates/pretixpresale/waiting.html:25
 msgid "If this takes longer than a few minutes, please contact us."
 msgstr "Wenn dies länger als ein paar Minuten dauert, kontaktiere uns bitte."
 
@@ -1665,19 +1681,19 @@ msgstr "Download-Datum"
 msgid "Ticket download will be offered after this date."
 msgstr "Der Ticket-Download wird zu diesem Zeitpunkt freigeschaltet."
 
-#: pretix/control/forms/item.py:60
+#: pretix/control/forms/item.py:77
 msgid "Activate for"
 msgstr "aktiviert für"
 
-#: pretix/control/forms/item.py:68
+#: pretix/control/forms/item.py:85
 msgid "Activate"
 msgstr "aktiviert"
 
-#: pretix/control/forms/item.py:106
+#: pretix/control/forms/item.py:123
 msgid "The product should exist in multiple variations"
 msgstr "Das Produkt soll in mehreren Varianten existieren"
 
-#: pretix/control/forms/item.py:107
+#: pretix/control/forms/item.py:124
 msgid ""
 "Select this option e.g. for t-shirts that come in multiple sizes. You can "
 "select the variations in the next step."
@@ -1801,8 +1817,8 @@ msgid "Filter"
 msgstr "Filter"
 
 #: pretix/control/templates/pretixcontrol/auth/base.html:29
-#: pretix/control/templates/pretixcontrol/base.html:126
-#: pretix/presale/templates/pretixpresale/base.html:34
+#: pretix/control/templates/pretixcontrol/base.html:127
+#: pretix/presale/templates/pretixpresale/base.html:35
 #, python-format
 msgid "powered by <a %(a_attr)s>pretix</a>"
 msgstr "powered by <a %(a_attr)s>pretix</a>"
@@ -1843,8 +1859,8 @@ msgstr "Neues Passwort setzen"
 #: pretix/control/templates/pretixcontrol/item/index.html:32
 #: pretix/control/templates/pretixcontrol/item/variations.html:83
 #: pretix/control/templates/pretixcontrol/items/category.html:16
-#: pretix/control/templates/pretixcontrol/items/question.html:28
-#: pretix/control/templates/pretixcontrol/items/quota.html:46
+#: pretix/control/templates/pretixcontrol/items/question.html:82
+#: pretix/control/templates/pretixcontrol/items/quota.html:82
 #: pretix/control/templates/pretixcontrol/order/extend.html:22
 #: pretix/control/templates/pretixcontrol/organizers/create.html:17
 #: pretix/control/templates/pretixcontrol/organizers/detail.html:17
@@ -1861,21 +1877,21 @@ msgstr "Neuen Benutzer erstellen"
 msgid "Login"
 msgstr "Login"
 
-#: pretix/control/templates/pretixcontrol/base.html:30
+#: pretix/control/templates/pretixcontrol/base.html:31
 msgid "Toggle navigation"
 msgstr "Navigation umschalten"
 
-#: pretix/control/templates/pretixcontrol/base.html:49
-#: pretix/control/templates/pretixcontrol/base.html:76
+#: pretix/control/templates/pretixcontrol/base.html:50
+#: pretix/control/templates/pretixcontrol/base.html:77
 msgid "Event overview"
 msgstr "Überblick"
 
-#: pretix/control/templates/pretixcontrol/base.html:67
-#: pretix/control/templates/pretixcontrol/base.html:69
+#: pretix/control/templates/pretixcontrol/base.html:68
+#: pretix/control/templates/pretixcontrol/base.html:70
 msgid "Log out"
 msgstr "Abmelden"
 
-#: pretix/control/templates/pretixcontrol/base.html:92
+#: pretix/control/templates/pretixcontrol/base.html:93
 #: pretix/control/templates/pretixcontrol/dashboard.html:3
 #: pretix/control/templates/pretixcontrol/dashboard.html:5
 #: pretix/control/templates/pretixcontrol/event/base.html:10
@@ -2063,9 +2079,9 @@ msgstr "Installierte Erweiterungen"
 #: pretix/control/views/event.py:69 pretix/control/views/event.py:126
 #: pretix/control/views/event.py:195 pretix/control/views/event.py:255
 #: pretix/control/views/event.py:314 pretix/control/views/event.py:424
-#: pretix/control/views/item.py:139 pretix/control/views/item.py:298
-#: pretix/control/views/item.py:427 pretix/control/views/item.py:508
-#: pretix/control/views/item.py:537 pretix/control/views/item.py:601
+#: pretix/control/views/item.py:139 pretix/control/views/item.py:362
+#: pretix/control/views/item.py:502 pretix/control/views/item.py:583
+#: pretix/control/views/item.py:612 pretix/control/views/item.py:676
 #: pretix/control/views/organizer.py:38 pretix/control/views/user.py:29
 #: pretix/control/views/vouchers.py:82
 msgid "Your changes have been saved."
@@ -2101,8 +2117,8 @@ msgstr "Dieses Plugin hat folgende Probleme gemeldet:"
 #: pretix/control/templates/pretixcontrol/item/base.html:11
 #: pretix/control/templates/pretixcontrol/item/index.html:8
 #: pretix/control/templates/pretixcontrol/items/category.html:11
-#: pretix/control/templates/pretixcontrol/items/question.html:11
-#: pretix/control/templates/pretixcontrol/items/quota.html:11
+#: pretix/control/templates/pretixcontrol/items/question.html:12
+#: pretix/control/templates/pretixcontrol/items/quota.html:13
 #: pretix/control/templates/pretixcontrol/organizers/create.html:11
 #: pretix/control/templates/pretixcontrol/organizers/detail.html:11
 msgid "General information"
@@ -2139,7 +2155,7 @@ msgstr ""
 #: pretix/control/templates/pretixcontrol/events/index.html:9
 #: pretix/control/templates/pretixcontrol/events/start.html:3
 #: pretix/control/templates/pretixcontrol/events/start.html:5
-#: pretix/control/views/dashboards.py:148
+#: pretix/control/views/dashboards.py:149
 msgid "Create a new event"
 msgstr "Neue Veranstaltung erstellen"
 
@@ -2319,11 +2335,11 @@ msgstr "Neues Produkt hinzufügen"
 msgid "Product name"
 msgstr "Produktbezeichnung"
 
-#: pretix/control/templates/pretixcontrol/items/question.html:17
+#: pretix/control/templates/pretixcontrol/items/question.html:18
 msgid "Apply to products"
 msgstr "Auf Produkte anwenden"
 
-#: pretix/control/templates/pretixcontrol/items/question.html:21
+#: pretix/control/templates/pretixcontrol/items/question.html:22
 msgid ""
 "If you mark a Yes/No question as required, it means that the user has to "
 "select Yes and No is not accepted. If you want to allow both options, do not "
@@ -2332,6 +2348,22 @@ msgstr ""
 "Wenn du eine Ja/Nein-Frage als erforderlich markierst, muss der Benutzer "
 "„Ja” auswählen, „Nein“ wird nicht als Antwort akzeptiert."
 
+#: pretix/control/templates/pretixcontrol/items/question.html:28
+#, fuzzy
+#| msgid "Answers"
+msgid "Answer options"
+msgstr "Antworten"
+
+#: pretix/control/templates/pretixcontrol/items/question.html:30
+msgid "Only applicable if you choose 'Choose one/multiple from a list' above."
+msgstr ""
+
+#: pretix/control/templates/pretixcontrol/items/question.html:76
+#, fuzzy
+#| msgid "Add a new variation"
+msgid "Add a new option"
+msgstr "Neue Variante hinzufügen"
+
 #: pretix/control/templates/pretixcontrol/items/question_delete.html:4
 #: pretix/control/templates/pretixcontrol/items/question_delete.html:6
 msgid "Delete question"
@@ -2359,11 +2391,11 @@ msgstr "Frage erstellen"
 msgid "Type"
 msgstr "Typ"
 
-#: pretix/control/templates/pretixcontrol/items/quota.html:14
+#: pretix/control/templates/pretixcontrol/items/quota.html:16
 msgid "Items"
 msgstr "Produkte"
 
-#: pretix/control/templates/pretixcontrol/items/quota.html:16
+#: pretix/control/templates/pretixcontrol/items/quota.html:18
 msgid ""
 "Please select the products or product variations this quota should be "
 "applied to. If you apply two quotas to the same product, it will only be "
@@ -2374,6 +2406,38 @@ msgstr ""
 "wird es nur verkauft, wenn <strong>beide</strong>Kontingente noch übrige "
 "Kapazität haben."
 
+#: pretix/control/templates/pretixcontrol/items/quota.html:51
+#, fuzzy
+#| msgid "Availability"
+msgid "Availability calculation"
+msgstr "Verfügbarkeit"
+
+#: pretix/control/templates/pretixcontrol/items/quota.html:53
+#, fuzzy
+#| msgid "Total amount"
+msgid "Total quota"
+msgstr "Gesamtbetrag"
+
+#: pretix/control/templates/pretixcontrol/items/quota.html:57
+msgid "Paid orders"
+msgstr "Bezahlte Bestellungen"
+
+#: pretix/control/templates/pretixcontrol/items/quota.html:61
+#, fuzzy
+#| msgid "Place binding order"
+msgid "Pending orders"
+msgstr "Zahlungspflichtig bestellen"
+
+#: pretix/control/templates/pretixcontrol/items/quota.html:69
+msgid "Current user's carts"
+msgstr ""
+
+#: pretix/control/templates/pretixcontrol/items/quota.html:73
+#, fuzzy
+#| msgid "Availability"
+msgid "Current availability"
+msgstr "Verfügbarkeit"
+
 #: pretix/control/templates/pretixcontrol/items/quota_delete.html:4
 #: pretix/control/templates/pretixcontrol/items/quota_delete.html:6
 msgid "Delete quota"
@@ -2498,8 +2562,8 @@ msgstr "nicht beantwortet"
 #: pretix/control/templates/pretixcontrol/order/index.html:161
 #: pretix/presale/templates/pretixpresale/event/fragment_cart.html:72
 #: pretix/presale/templates/pretixpresale/event/fragment_cart.html:90
-#: pretix/presale/templates/pretixpresale/event/index.html:118
-#: pretix/presale/templates/pretixpresale/event/index.html:169
+#: pretix/presale/templates/pretixpresale/event/index.html:117
+#: pretix/presale/templates/pretixpresale/event/index.html:167
 #, python-format
 msgid "incl. %(rate)s%% taxes"
 msgstr "inkl. %(rate)s%% MwSt."
@@ -2711,41 +2775,41 @@ msgstr ""
 msgid "You can now login using your new password."
 msgstr "Du kannst dich nun mit deinem neuen Passwort anmelden."
 
-#: pretix/control/views/dashboards.py:41
+#: pretix/control/views/dashboards.py:42
 msgid "Attendees (ordered)"
 msgstr "Teilnehmer (bestellt)"
 
-#: pretix/control/views/dashboards.py:50
+#: pretix/control/views/dashboards.py:51
 msgid "Attendees (paid)"
 msgstr "Teilnehmer (bezahlt)"
 
-#: pretix/control/views/dashboards.py:60
+#: pretix/control/views/dashboards.py:61
 #, python-brace-format
 msgid "Total revenue ({currency})"
 msgstr "Gesamtumsatz ({currency})"
 
-#: pretix/control/views/dashboards.py:69
+#: pretix/control/views/dashboards.py:70
 msgid "Active products"
 msgstr "Aktive Produkte"
 
-#: pretix/control/views/dashboards.py:87
+#: pretix/control/views/dashboards.py:88
 #, python-brace-format
 msgid "{quota} left"
 msgstr "{quota} übrig"
 
-#: pretix/control/views/dashboards.py:100
+#: pretix/control/views/dashboards.py:101
 msgid "Your ticket shop is"
 msgstr "Dein Ticket-Shop ist"
 
-#: pretix/control/views/dashboards.py:100
+#: pretix/control/views/dashboards.py:101
 msgid "Click here to change"
 msgstr "Hier klicken zum Ändern"
 
-#: pretix/control/views/dashboards.py:101
+#: pretix/control/views/dashboards.py:102
 msgid "live"
 msgstr "online"
 
-#: pretix/control/views/dashboards.py:101
+#: pretix/control/views/dashboards.py:102
 msgid "not yet public"
 msgstr "deaktiviert"
 
@@ -2806,7 +2870,7 @@ msgstr ""
 "Wir haben deinen Shop ausgeschaltet. Du kannst ihn hier jederzeit wieder "
 "einschalten."
 
-#: pretix/control/views/item.py:55 pretix/control/views/item.py:640
+#: pretix/control/views/item.py:55 pretix/control/views/item.py:715
 msgid "The requested product does not exist."
 msgstr "Das ausgewählte Produkt existiert nicht."
 
@@ -2831,7 +2895,7 @@ msgstr "Eine neue Kategorie wurde erstellt."
 msgid "The order of categories as been updated."
 msgstr "Die Reihenfolge der Kategorien wurde gespeichert."
 
-#: pretix/control/views/item.py:252 pretix/control/views/item.py:288
+#: pretix/control/views/item.py:252 pretix/control/views/item.py:348
 msgid "The requested question does not exist."
 msgstr "Die ausgewählte Frage existiert nicht."
 
@@ -2839,31 +2903,31 @@ msgstr "Die ausgewählte Frage existiert nicht."
 msgid "The selected question has been deleted."
 msgstr "Die ausgewählte Frage wurde gelöscht."
 
-#: pretix/control/views/item.py:328
+#: pretix/control/views/item.py:399
 msgid "The new question has been created."
 msgstr "Eine neue Frage wurde erstellt."
 
-#: pretix/control/views/item.py:404
+#: pretix/control/views/item.py:479
 msgid "The new quota has been created."
 msgstr "Ein neues Kontingent wurde erstellt."
 
-#: pretix/control/views/item.py:423 pretix/control/views/item.py:455
+#: pretix/control/views/item.py:498 pretix/control/views/item.py:530
 msgid "The requested quota does not exist."
 msgstr "Das ausgewählte Kontingent existiert nicht."
 
-#: pretix/control/views/item.py:468
+#: pretix/control/views/item.py:543
 msgid "The selected quota has been deleted."
 msgstr "Das ausgewählte Kontingent wurde gelöscht."
 
-#: pretix/control/views/item.py:491
+#: pretix/control/views/item.py:566
 msgid "The requested item does not exist."
 msgstr "Das ausgewählte Produkt existiert nicht."
 
-#: pretix/control/views/item.py:650
+#: pretix/control/views/item.py:725
 msgid "The selected product has been deleted."
 msgstr "Das ausgewählte Produkt wurde gelöscht."
 
-#: pretix/control/views/item.py:659
+#: pretix/control/views/item.py:734
 msgid "The selected product has been deactivated."
 msgstr "Das ausgewählte Produkt wurde deaktiviert."
 
@@ -3420,12 +3484,12 @@ msgstr "Dieses Plugin erlaubt, die pretixdroid-Android-App zu verwenden."
 msgid "pretixdroid"
 msgstr "pretixdroid"
 
-#: pretix/plugins/pretixdroid/templates/pretixplugins/pretixdroid/configuration.html:4
-#: pretix/plugins/pretixdroid/templates/pretixplugins/pretixdroid/configuration.html:6
+#: pretix/plugins/pretixdroid/templates/pretixplugins/pretixdroid/configuration.html:5
+#: pretix/plugins/pretixdroid/templates/pretixplugins/pretixdroid/configuration.html:7
 msgid "pretixdroid configuration"
 msgstr "pretixdroid-Konfiguration"
 
-#: pretix/plugins/pretixdroid/templates/pretixplugins/pretixdroid/configuration.html:7
+#: pretix/plugins/pretixdroid/templates/pretixplugins/pretixdroid/configuration.html:8
 msgid ""
 "pretixdroid is an Android app that you can use to control tickets at the "
 "entrance of your event. If you try to configure the app, it will ask you to "
@@ -3435,7 +3499,7 @@ msgstr ""
 "die Tickets konfigurieren kannst. Bei der Einrichtung der App wirst du "
 "aufgefordert, den untenstehenden Code zu scannen."
 
-#: pretix/plugins/pretixdroid/templates/pretixplugins/pretixdroid/configuration.html:17
+#: pretix/plugins/pretixdroid/templates/pretixplugins/pretixdroid/configuration.html:14
 msgid "Reset authentication token"
 msgstr "Authentifizierungstoken zurücksetzen"
 
@@ -3514,20 +3578,6 @@ msgstr "Bestellungen nach Datum"
 msgid "Revenue over time"
 msgstr "Umsatzverlauf"
 
-#: pretix/plugins/statistics/templates/pretixplugins/statistics/index.html:38
-#: pretix/plugins/statistics/templates/pretixplugins/statistics/index.html:61
-msgid "Placed orders"
-msgstr "Getätigte Bestellungen"
-
-#: pretix/plugins/statistics/templates/pretixplugins/statistics/index.html:38
-#: pretix/plugins/statistics/templates/pretixplugins/statistics/index.html:61
-msgid "Paid orders"
-msgstr "Bezahlte Bestellungen"
-
-#: pretix/plugins/statistics/templates/pretixplugins/statistics/index.html:50
-msgid "Total revenue"
-msgstr "Gesamtumsatz"
-
 #: pretix/plugins/stripe/__init__.py:18
 msgid "This plugin allows you to receive credit card payments via Stripe"
 msgstr "Dieses Plugin erlaubt, Kreditkartenzahlungen über Stripe anzunehmen"
@@ -3682,10 +3732,6 @@ msgstr ""
 msgid "Unknown reason"
 msgstr "Unbekannter Grund"
 
-#: pretix/plugins/stripe/templates/pretixplugins/stripe/presale_head.html:10
-msgid "Contacting Stripe…"
-msgstr "Kontaktiere Stripe…"
-
 #: pretix/plugins/ticketoutputpdf/__init__.py:11
 #: pretix/plugins/ticketoutputpdf/__init__.py:15
 msgid "PDF ticket output"
@@ -3827,9 +3873,8 @@ msgstr ""
 "Die ausgewählte Veranstaltung oder der gesuchte Veranstalter wurde nicht "
 "gefunden."
 
-#: pretix/presale/templates/pretixpresale/base.html:40
-#: pretix/presale/templates/pretixpresale/base.html:44
-#: pretix/presale/templates/pretixpresale/waiting.html:21
+#: pretix/presale/templates/pretixpresale/base.html:42
+#: pretix/presale/templates/pretixpresale/waiting.html:22
 msgid "We are processing your request…"
 msgstr "Wir verarbeiten deine Anfrage…"
 
@@ -3971,12 +4016,12 @@ msgstr "ab %(currency)s %(minprice)s"
 msgid "Show variants"
 msgstr "Varianten zeigen"
 
-#: pretix/presale/templates/pretixpresale/event/index.html:193
-#: pretix/presale/templates/pretixpresale/event/index.html:203
+#: pretix/presale/templates/pretixpresale/event/index.html:191
+#: pretix/presale/templates/pretixpresale/event/index.html:201
 msgid "Redeem a voucher"
 msgstr "Gutschein einlösen"
 
-#: pretix/presale/templates/pretixpresale/event/index.html:213
+#: pretix/presale/templates/pretixpresale/event/index.html:211
 msgid "Add to cart"
 msgstr "Zum Warenkorb hinzufügen"
 
@@ -4151,18 +4196,27 @@ msgstr "Du kannst diese Bestellung nicht bearbeiten"
 msgid "Ticket download is not (yet) enabled."
 msgstr "Der Ticket-Download ist (noch) nicht freigeschaltet."
 
-#: pretix/settings.py:209
+#: pretix/settings.py:210
 msgid "English"
 msgstr "Englisch"
 
-#: pretix/settings.py:210
+#: pretix/settings.py:211
 msgid "German"
 msgstr "Deutsch"
 
-#: pretix/settings.py:211
+#: pretix/settings.py:212
 msgid "German (informal)"
 msgstr "Deutsch (Du)"
 
+#~ msgid "Placed orders"
+#~ msgstr "Getätigte Bestellungen"
+
+#~ msgid "Total revenue"
+#~ msgstr "Gesamtumsatz"
+
+#~ msgid "Contacting Stripe…"
+#~ msgstr "Kontaktiere Stripe…"
+
 #~ msgid "Sold out (or reserved)"
 #~ msgstr "Ausverkauft (oder reserviert)"
 
@@ -4510,9 +4564,6 @@ msgstr "Deutsch (Du)"
 #~ msgid "Create new item"
 #~ msgstr "Neues Produkt erstellen"
 
-#~ msgid "Answers"
-#~ msgstr "Antworten"
-
 #~ msgid "Session key"
 #~ msgstr "Sitzung"
 
diff --git a/src/pretix/locale/de_Informal/LC_MESSAGES/djangojs.po b/src/pretix/locale/de_Informal/LC_MESSAGES/djangojs.po
index a13c80727d..4e89b54f6c 100644
--- a/src/pretix/locale/de_Informal/LC_MESSAGES/djangojs.po
+++ b/src/pretix/locale/de_Informal/LC_MESSAGES/djangojs.po
@@ -7,17 +7,35 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-04-10 14:29+0000\n"
-"PO-Revision-Date: 2016-04-10 16:29+0200\n"
+"POT-Creation-Date: 2016-04-10 15:19+0000\n"
+"PO-Revision-Date: 2016-04-10 17:20+0200\n"
+"Last-Translator: Raphael Michel <michel@rami.io>\n"
+"Language-Team: \n"
 "Language: de\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"Last-Translator: Raphael Michel <michel@rami.io>\n"
-"Language-Team: \n"
 "X-Generator: Poedit 1.8.7.1\n"
 
+#: pretix/plugins/statistics/static/pretixplugins/statistics/statistics.js:9
+#: pretix/plugins/statistics/static/pretixplugins/statistics/statistics.js:32
+msgid "Placed orders"
+msgstr "Getätigte Bestellungen"
+
+#: pretix/plugins/statistics/static/pretixplugins/statistics/statistics.js:9
+#: pretix/plugins/statistics/static/pretixplugins/statistics/statistics.js:32
+msgid "Paid orders"
+msgstr "Bezahlte Bestellungen"
+
+#: pretix/plugins/statistics/static/pretixplugins/statistics/statistics.js:21
+msgid "Total revenue"
+msgstr "Gesamtumsatz"
+
+#: pretix/plugins/stripe/static/pretixplugins/stripe/pretix-stripe.js:47
+msgid "Contacting Stripe…"
+msgstr "Kontaktiere Stripe…"
+
 #: static/pretixpresale/js/ui/asynctask.js:59
 msgid "We are processing your request…"
 msgstr "Wir verarbeiten deine Anfrage…"
diff --git a/src/pretix/plugins/banktransfer/templates/pretixplugins/banktransfer/import_assign.html b/src/pretix/plugins/banktransfer/templates/pretixplugins/banktransfer/import_assign.html
index cab583f26b..260dfa2e63 100644
--- a/src/pretix/plugins/banktransfer/templates/pretixplugins/banktransfer/import_assign.html
+++ b/src/pretix/plugins/banktransfer/templates/pretixplugins/banktransfer/import_assign.html
@@ -7,10 +7,10 @@
     {% endblocktrans %}</p>
     <form method="post" action="">
         {% csrf_token %}
-        <button class="btn btn-primary pull-right" type="submit" style="margin-bottom: 10px">
+        <button class="btn btn-primary pull-right helper-space-below" type="submit">
             <span class="icon icon-upload"></span> {% trans "Continue" %}
         </button>
-        <div class="flipped-scroll-wrapper" style="clear: both;">
+        <div class="flipped-scroll-wrapper clearfix">
             <table class="table table-condensed flipped-scroll-inner">
                 <thead>
                     <tr>
diff --git a/src/pretix/plugins/banktransfer/templates/pretixplugins/banktransfer/import_confirm.html b/src/pretix/plugins/banktransfer/templates/pretixplugins/banktransfer/import_confirm.html
index 78b6e5bf9e..3bf63b9fd2 100644
--- a/src/pretix/plugins/banktransfer/templates/pretixplugins/banktransfer/import_confirm.html
+++ b/src/pretix/plugins/banktransfer/templates/pretixplugins/banktransfer/import_confirm.html
@@ -46,7 +46,7 @@
             <input type="hidden" name="confirm" value="true" />
 
         </table>
-        <button class="btn btn-primary btn-lg pull-right" type="submit" style="margin-bottom: 10px">
+        <button class="btn btn-primary btn-lg pull-right helper-space-below" type="submit">
             <span class="icon icon-upload"></span> {% trans "Confirm" %}
         </button>
         <div class="clearfix"></div>
diff --git a/src/pretix/plugins/statistics/static/pretixplugins/statistics/statistics.js b/src/pretix/plugins/statistics/static/pretixplugins/statistics/statistics.js
index a47de0db7f..ad64ce91b6 100644
--- a/src/pretix/plugins/statistics/static/pretixplugins/statistics/statistics.js
+++ b/src/pretix/plugins/statistics/static/pretixplugins/statistics/statistics.js
@@ -1,11 +1,12 @@
-/*globals $, Morris*/
+/*globals $, Morris, gettext*/
 $(function () {
+    $(".chart").css("height", "250px");
     new Morris.Area({
         element: 'obd_chart',
         data: JSON.parse($("#obd-data").html()),
         xkey: 'date',
         ykeys: ['ordered', 'paid'],
-        labels: ['{% trans "Placed orders" %}', '{% trans "Paid orders" %}'],
+        labels: [gettext('Placed orders'), gettext('Paid orders')],
         lineColors: ['#000099', '#009900'],
         smooth: false,
         resize: true,
@@ -17,18 +18,18 @@ $(function () {
         data: JSON.parse($("#rev-data").html()),
         xkey: 'date',
         ykeys: ['revenue'],
-        labels: ['{% trans "Total revenue" %}'],
+        labels: [gettext('Total revenue')],
         smooth: false,
         resize: true,
         fillOpacity: 0.3,
-        preUnits: '{{ request.event.currency }} '
+        preUnits: $.trim($("#currency").html()) + ' '
     });
     new Morris.Bar({
         element: 'obp_chart',
-        data: JSON.parse($("#odp-data").html()),
+        data: JSON.parse($("#obp-data").html()),
         xkey: 'item',
         ykeys: ['ordered', 'paid'],
-        labels: ['{% trans "Placed orders" %}', '{% trans "Paid orders" %}'],
+        labels: [gettext('Placed orders'), gettext('Paid orders')],
         barColors: ['#000099', '#009900'],
         resize: true
     });
diff --git a/src/pretix/plugins/statistics/templates/pretixplugins/statistics/index.html b/src/pretix/plugins/statistics/templates/pretixplugins/statistics/index.html
index 814492728c..e8dc9fb350 100644
--- a/src/pretix/plugins/statistics/templates/pretixplugins/statistics/index.html
+++ b/src/pretix/plugins/statistics/templates/pretixplugins/statistics/index.html
@@ -10,7 +10,7 @@
             <h3 class="panel-title">{% trans "Orders by day" %}</h3>
         </div>
         <div class="panel-body">
-            <div id="obd_chart" style="height: 250px;"></div>
+            <div id="obd_chart" class="chart"></div>
         </div>
     </div>
     <div class="panel panel-default">
@@ -18,7 +18,7 @@
             <h3 class="panel-title">{% trans "Revenue over time" %}</h3>
         </div>
         <div class="panel-body">
-            <div id="rev_chart" style="height: 250px;"></div>
+            <div id="rev_chart" class="chart"></div>
         </div>
     </div>
     <div class="panel panel-default">
@@ -26,12 +26,13 @@
             <h3 class="panel-title">{% trans "Orders by product" %}</h3>
         </div>
         <div class="panel-body">
-            <div id="obp_chart" style="height: 250px;"></div>
+            <div id="obp_chart" class="chart"></div>
         </div>
     </div>
     <script type="application/json" id="obd-data">{{ obd_data|safe }}</script>
     <script type="application/json" id="rev-data">{{ rev_data|safe }}</script>
     <script type="application/json" id="obp-data">{{ obp_data|safe }}</script>
+    <script type="application/text" id="currency">{{ request.event.currency }}</script>
     <script type="application/javascript" src="{% static "pretixplugins/statistics/statistics.js" %}"></script>
 {% endblock %}
 
diff --git a/src/pretix/plugins/statistics/views.py b/src/pretix/plugins/statistics/views.py
index efc32f181e..6cd4f6ee61 100644
--- a/src/pretix/plugins/statistics/views.py
+++ b/src/pretix/plugins/statistics/views.py
@@ -15,6 +15,12 @@ class IndexView(EventPermissionRequiredMixin, TemplateView):
     template_name = 'pretixplugins/statistics/index.html'
     permission = 'can_view_orders'
 
+    def get(self, request, *args, **kwargs):
+        resp = super().get(request, *args, **kwargs)
+        # required by raphael.js
+        resp['Content-Security-Policy'] = "script-src {static} 'unsafe-eval'; style-src {static} 'unsafe-inline'"
+        return resp
+
     def get_context_data(self, **kwargs):
         ctx = super().get_context_data(**kwargs)
 
@@ -75,13 +81,13 @@ class IndexView(EventPermissionRequiredMixin, TemplateView):
                 i.id: str(i.name)
                 for i in Item.objects.filter(event=self.request.event)
             }
-            ctx['obp_data'] = [
+            ctx['obp_data'] = json.dumps([
                 {
                     'item': item_names[item],
                     'ordered': cnt,
                     'paid': num_paid.get(item, 0)
                 } for item, cnt in num_ordered.items()
-            ]
+            ])
             cache.set('statistics_obp_data', ctx['obp_data'])
 
         ctx['rev_data'] = cache.get('statistics_rev_data')
diff --git a/src/pretix/plugins/stripe/static/pretixplugins/stripe/pretix-stripe.js b/src/pretix/plugins/stripe/static/pretixplugins/stripe/pretix-stripe.js
index 1156b34aa9..6ba13535a4 100644
--- a/src/pretix/plugins/stripe/static/pretixplugins/stripe/pretix-stripe.js
+++ b/src/pretix/plugins/stripe/static/pretixplugins/stripe/pretix-stripe.js
@@ -1,4 +1,4 @@
-/*global $, stripe_pubkey, stripe_loadingmessage */
+/*global $, stripe_pubkey, stripe_loadingmessage, gettext */
 'use strict';
 
 var Stripe = null;
@@ -44,7 +44,7 @@ var pretixstripe = {
         }
     },
     'request': function () {
-        waitingDialog.show(stripe_loading_message);
+        waitingDialog.show(gettext("Contacting Stripe…"));
         $(".stripe-errors").hide();
         Stripe.card.createToken(
             {
@@ -80,7 +80,7 @@ var pretixstripe = {
                 url: 'https://js.stripe.com/v2/',
                 dataType: 'script',
                 success: function () {
-                    Stripe.setPublishableKey(stripe_pubkey);
+                    Stripe.setPublishableKey($.trim($("#stripe_pubkey").html()));
                 }
             }
         );
diff --git a/src/pretix/plugins/stripe/templates/pretixplugins/stripe/presale_head.html b/src/pretix/plugins/stripe/templates/pretixplugins/stripe/presale_head.html
index 709ae4830f..57e1f02104 100644
--- a/src/pretix/plugins/stripe/templates/pretixplugins/stripe/presale_head.html
+++ b/src/pretix/plugins/stripe/templates/pretixplugins/stripe/presale_head.html
@@ -5,7 +5,5 @@
 {% compress js %}
     <script type="text/javascript" src="{% static "pretixplugins/stripe/pretix-stripe.js" %}"></script>
 {% endcompress %}
-<script type="text/javascript">
-    var stripe_pubkey = '{{ settings.publishable_key }}';
-    var stripe_loading_message = '{% trans "Contacting Stripe…" %}';
-</script>
+<script type="text/plain" id="stripe_pubkey">{{ settings.publishable_key }}</script>
+
diff --git a/src/pretix/settings.py b/src/pretix/settings.py
index f76c8bcd83..dcf2d743d6 100644
--- a/src/pretix/settings.py
+++ b/src/pretix/settings.py
@@ -179,6 +179,7 @@ MIDDLEWARE_CLASSES = [
     'pretix.control.middleware.PermissionMiddleware',
     'pretix.presale.middleware.EventMiddleware',
     'pretix.base.middleware.LocaleMiddleware',
+    'pretix.base.middleware.SecurityMiddleware',
 ]
 
 try:
diff --git a/src/static/pretixcontrol/scss/main.scss b/src/static/pretixcontrol/scss/main.scss
index b7b8227298..db75666f55 100644
--- a/src/static/pretixcontrol/scss/main.scss
+++ b/src/static/pretixcontrol/scss/main.scss
@@ -153,4 +153,14 @@ h1 .btn-sm {
         padding-bottom: 15px;
     }
 
+}
+
+.helper-display-inline {
+    display: inline !important;
+}
+.helper-width-auto {
+    width: auto;
+}
+.helper-space-below {
+    margin-bottom: 10px;
 }
\ No newline at end of file