Fix #1388 -- Prevent some words from occurring in order codes (#1422)

* prevent some words from occurring in order codes * Use regex to match against blacklist * Prevent some words from occurring in voucher codes * Rename blacklist to banlist
2026-05-04 15:04:03 +00:00 · 2019-10-08 14:28:51 +02:00
parent 9f7d5156cc
commit 05a1df244b
3 changed files with 89 additions and 2 deletions
--- a/src/pretix/base/banlist.py
+++ b/src/pretix/base/banlist.py
@@ -0,0 +1,80 @@
+import re
+
+# banlist based on http://www.bannedwordlist.com/lists/swearWords.txt
+banlist = [
+    "anal",
+    "anus",
+    "arse",
+    "ass",
+    "balls",
+    "bastard",
+    "bitch",
+    "biatch",
+    "bloody",
+    "blowjob",
+    "bollock",
+    "bollok",
+    "boner",
+    "boob",
+    "bugger",
+    "bum",
+    "butt",
+    "clitoris",
+    "cock",
+    "coon",
+    "crap",
+    "cunt",
+    "damn",
+    "dick",
+    "dildo",
+    "dyke",
+    "fag",
+    "feck",
+    "fellate",
+    "fellatio",
+    "felching",
+    "fuck",
+    "fudgepacker",
+    "flange",
+    "goddamn",
+    "hell",
+    "homo",
+    "jerk",
+    "jizz",
+    "knobend",
+    "labia",
+    "lmao",
+    "lmfao",
+    "muff",
+    "nigger",
+    "nigga",
+    "omg",
+    "penis",
+    "piss",
+    "poop",
+    "prick",
+    "pube",
+    "pussy",
+    "queer",
+    "scrotum",
+    "sex",
+    "shit",
+    "sh1t",
+    "slut",
+    "smegma",
+    "spunk",
+    "tit",
+    "tosser",
+    "turd",
+    "twat",
+    "vagina",
+    "wank",
+    "whore",
+    "wtf"
+]
+
+blacklist_regex = re.compile('(' + '|'.join(banlist) + ')')
+
+
+def banned(string):
+    return bool(blacklist_regex.search(string.lower()))
--- a/src/pretix/base/models/orders.py
+++ b/src/pretix/base/models/orders.py
@@ -31,6 +31,7 @@ from django_scopes import ScopedManager, scopes_disabled
 from i18nfield.strings import LazyI18nString
 from jsonfallback.fields import FallbackJSONField

+from pretix.base.banlist import banned
 from pretix.base.decimal import round_decimal
 from pretix.base.email import get_email_context
 from pretix.base.i18n import language
@@ -538,6 +539,8 @@ class Order(LockModel, LoggedModel):
        charset = list('ABCDEFGHJKLMNPQRSTUVWXYZ3789')
        while True:
            code = get_random_string(length=settings.ENTROPY['order_code'], allowed_chars=charset)
+            if banned(code):
+                continue
            if self.testmode:
                # Subtle way to recognize test orders while debugging: They all contain a 0 at the second place,
                # even though zeros are not used outside test mode.
--- a/src/pretix/base/models/vouchers.py
+++ b/src/pretix/base/models/vouchers.py
@@ -10,6 +10,7 @@ from django.utils.timezone import now
 from django.utils.translation import pgettext_lazy, ugettext_lazy as _
 from django_scopes import ScopedManager, scopes_disabled

+from pretix.base.banlist import banned
 from pretix.base.models import SeatCategoryMapping

 from ..decimal import round_decimal
@@ -21,9 +22,12 @@ from .orders import Order

 def _generate_random_code(prefix=None):
    charset = list('ABCDEFGHKLMNPQRSTUVWXYZ23456789')
+    rnd = None
+    while not rnd or banned(rnd):
+        rnd = get_random_string(length=settings.ENTROPY['voucher_code'], allowed_chars=charset)
    if prefix:
-        return prefix + get_random_string(length=settings.ENTROPY['voucher_code'], allowed_chars=charset)
-    return get_random_string(length=settings.ENTROPY['voucher_code'], allowed_chars=charset)
+        return prefix + rnd
+    return rnd


@scopes_disabled()