From 05a1df244bd9500d1c00423c7dfdae95a0c7e232 Mon Sep 17 00:00:00 2001
From: Sohalt
Date: Tue, 8 Oct 2019 14:28:51 +0200
Subject: [PATCH] Fix #1388 -- Prevent some words from occurring in order codes (#1422)

* prevent some words from occurring in order codes
* Use regex to match against blacklist
* Prevent some words from occurring in voucher codes
* Rename blacklist to banlist
---
 src/pretix/base/banlist.py | 80 ++++++++++++++++++++++++++++++
 src/pretix/base/models/orders.py | 3 ++
 src/pretix/base/models/vouchers.py | 8 ++-
 3 files changed, 89 insertions(+), 2 deletions(-)
 create mode 100644 src/pretix/base/banlist.py

diff --git a/src/pretix/base/banlist.py b/src/pretix/base/banlist.py
new file mode 100644
index 0000000000..27e81c8909
--- /dev/null
+++ b/src/pretix/base/banlist.py
@@ -0,0 +1,80 @@
+import re
+
+# banlist based on http://www.bannedwordlist.com/lists/swearWords.txt
+banlist = [
+ "anal",
+ "anus",
+ "arse",
+ "ass",
+ "balls",
+ "bastard",
+ "bitch",
+ "biatch",
+ "bloody",
+ "blowjob",
+ "bollock",
+ "bollok",
+ "boner",
+ "boob",
+ "bugger",
+ "bum",
+ "butt",
+ "clitoris",
+ "cock",
+ "coon",
+ "crap",
+ "cunt",
+ "damn",
+ "dick",
+ "dildo",
+ "dyke",
+ "fag",
+ "feck",
+ "fellate",
+ "fellatio",
+ "felching",
+ "fuck",
+ "fudgepacker",
+ "flange",
+ "goddamn",
+ "hell",
+ "homo",
+ "jerk",
+ "jizz",
+ "knobend",
+ "labia",
+ "lmao",
+ "lmfao",
+ "muff",
+ "nigger",
+ "nigga",
+ "omg",
+ "penis",
+ "piss",
+ "poop",
+ "prick",
+ "pube",
+ "pussy",
+ "queer",
+ "scrotum",
+ "sex",
+ "shit",
+ "sh1t",
+ "slut",
+ "smegma",
+ "spunk",
+ "tit",
+ "tosser",
+ "turd",
+ "twat",
+ "vagina",
+ "wank",
+ "whore",
+ "wtf"
+]
+
+blacklist_regex = re.compile('(' + '|'.join(banlist) + ')')
+
+
+def banned(string):
+ return bool(blacklist_regex.search(string.lower()))
diff --git a/src/pretix/base/models/orders.py b/src/pretix/base/models/orders.py
index 80fd815b06..568a25c877 100644
--- a/src/pretix/base/models/orders.py
+++ b/src/pretix/base/models/orders.py
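Review bot: The alternation in `blacklist_regex = re.compile('(' + '|'.join(banlist) + ')')` interpolates the list entries unescaped, so any future entry containing a regex metacharacter would silently change the pattern instead of matching literally; build it as `blacklist_regex = re.compile('|'.join(map(re.escape, banlist)))` — the capturing group is not needed for `search`. The name `blacklist_regex` also missed the blacklist→banlist rename the commit title announces; `banlist_regex` would keep the module consistent. `banned` has no docstring; I would add `"""Return True if the lower-cased *string* contains any banlist entry as a substring."""`. A short comment on the list that matching is case-insensitive substring matching (so entries never need upper-case variants) would save the next maintainer a read of the regex.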
@@ -31,6 +31,7 @@ from django_scopes import ScopedManager, scopes_disabled
 from i18nfield.strings import LazyI18nString
 from jsonfallback.fields import FallbackJSONField
 
+from pretix.base.banlist import banned
 from pretix.base.decimal import round_decimal
 from pretix.base.email import get_email_context
 from pretix.base.i18n import language
@@ -538,6 +539,8 @@ class Order(LockModel, LoggedModel):
 charset = list('ABCDEFGHJKLMNPQRSTUVWXYZ3789')
 while True:
 code = get_random_string(length=settings.ENTROPY['order_code'], allowed_chars=charset)
+ if banned(code):
+ continue
 if self.testmode:
 # Subtle way to recognize test orders while debugging: They all contain a 0 at the second place,
 # even though zeros are not used outside test mode.
diff --git a/src/pretix/base/models/vouchers.py b/src/pretix/base/models/vouchers.py
index ca0b156cdb..09c471136f 100644
--- a/src/pretix/base/models/vouchers.py
+++ b/src/pretix/base/models/vouchers.py
@@ -10,6 +10,7 @@ from django.utils.timezone import now
 from django.utils.translation import pgettext_lazy, ugettext_lazy as _
 from django_scopes import ScopedManager, scopes_disabled
 
+from pretix.base.banlist import banned
 from pretix.base.models import SeatCategoryMapping
 
 from ..decimal import round_decimal
@@ -21,9 +22,12 @@ from .orders import Order
 
 def _generate_random_code(prefix=None):
 charset = list('ABCDEFGHKLMNPQRSTUVWXYZ23456789')
+ rnd = None
+ while not rnd or banned(rnd):
+ rnd = get_random_string(length=settings.ENTROPY['voucher_code'], allowed_chars=charset)
 if prefix:
- return prefix + get_random_string(length=settings.ENTROPY['voucher_code'], allowed_chars=charset)
- return get_random_string(length=settings.ENTROPY['voucher_code'], allowed_chars=charset)
+ return prefix + rnd
+ return rnd
 
 
 @scopes_disabled()
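Review bot: The `if banned(code): continue` guard in the `while True` loop has no comment saying why an unbounded re-draw loop is acceptable here; I would add `# Re-draw codes that happen to spell a banlisted word; rejections are rare, so this terminates quickly.` above it. The check runs on the code before the test-mode branch below reportedly alters the second character to a 0, which is fine only because no banlist entry contains a 0 — that dependency deserves one more line of comment so a future list edit does not silently break it. The enclosing method starts and ends outside the hunk.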
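Review bot: `banned(rnd)` is applied to the random part only, while the value returned is `prefix + rnd`, so a banlisted word can still be spelled across the prefix/random boundary when a prefix ends with the first letters of one. Checking the concatenation closes that, but a prefix that is itself banlisted must not make the loop spin forever, so the retry condition would be `while rnd is None or (banned((prefix or '') + rnd) and not banned(prefix or '')):`. Using `rnd is None` instead of `not rnd` also removes the infinite loop that `while not rnd` would enter if `settings.ENTROPY['voucher_code']` were ever 0, since an empty string is falsy; alternatively the `while True:` / `if not banned(...): break` shape used in orders.py avoids the sentinel altogether. `_generate_random_code` is fully inside the hunk; the decorated function after `@scopes_disabled()` is outside it.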