CGM_Public/pretix_original
2
0
Fork 1
mirror of https://github.com/pretix/pretix.git synced 2026-05-04 15:04:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix #1388 -- Prevent some words from occurring in order codes (#1422)

Browse Source 
* prevent some words from occurring in order codes

* Use regex to match against blacklist

* Prevent some words from occurring in voucher codes

* Rename blacklist to banlist
This commit is contained in:
Sohalt
2019-10-08 14:28:51 +02:00
committed by Raphael Michel
parent 9f7d5156cc
commit 05a1df244b
3 changed files with 89 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/pretix/base/models/orders.py
View File

@@ -31,6 +31,7 @@ from django_scopes import ScopedManager, scopes_disabled
from i18nfield.strings import LazyI18nString
from jsonfallback.fields import FallbackJSONField
from pretix.base.banlist import banned
from pretix.base.decimal import round_decimal
from pretix.base.email import get_email_context
from pretix.base.i18n import language
@@ -538,6 +539,8 @@ class Order(LockModel, LoggedModel):
charset = list('ABCDEFGHJKLMNPQRSTUVWXYZ3789')
while True:
code = get_random_string(length=settings.ENTROPY['order_code'], allowed_chars=charset)
if banned(code):
continue
if self.testmode:
# Subtle way to recognize test orders while debugging: They all contain a 0 at the second place,
# even though zeros are not used outside test mode.

8
src/pretix/base/models/vouchers.py
View File

@@ -10,6 +10,7 @@ from django.utils.timezone import now
from django.utils.translation import pgettext_lazy, ugettext_lazy as _
from django_scopes import ScopedManager, scopes_disabled
from pretix.base.banlist import banned
from pretix.base.models import SeatCategoryMapping
from ..decimal import round_decimal
@@ -21,9 +22,12 @@ from .orders import Order
def _generate_random_code(prefix=None):
charset = list('ABCDEFGHKLMNPQRSTUVWXYZ23456789')
rnd = None
while not rnd or banned(rnd):
rnd = get_random_string(length=settings.ENTROPY['voucher_code'], allowed_chars=charset)
if prefix:
return prefix + get_random_string(length=settings.ENTROPY['voucher_code'], allowed_chars=charset)
return get_random_string(length=settings.ENTROPY['voucher_code'], allowed_chars=charset)
return prefix + rnd
return rnd
@scopes_disabled()