Fix #2434 -- Disallow manually setting SecretKeySettingsField to ***** (#2436)

2026-05-05 15:14:04 +00:00 · 2022-02-13 20:24:53 +01:00
parent 7193da42c2
commit 0e900b74d7
1 changed files with 7 additions and 0 deletions
--- a/src/pretix/base/forms/init.py
+++ b/src/pretix/base/forms/init.py
@@ -38,6 +38,7 @@ import i18nfield.forms
 from django import forms
 from django.forms.models import ModelFormMetaclass
 from django.utils.crypto import get_random_string
+from django.utils.translation import gettext_lazy as _
 from formtools.wizard.views import SessionWizardView
 from hierarkey.forms import HierarkeyForm

@@ -128,6 +129,12 @@ class SettingsForm(i18nfield.forms.I18nFormMixin, HierarkeyForm):
        # at all, it will be considered a changed value and stored. We do not want that, as it makes it very hard to add
        # languages to an organizer/event later on. So we trick it and make sure nothing gets changed in that situation.
        for name, field in self.fields.items():
+            if isinstance(field, SecretKeySettingsField) and d.get(name) == SECRET_REDACTED and not self.initial.get(name):
+                self.add_error(
+                    name,
+                    _('Due to technical reasons you cannot set inputs, that need to be masked (e.g. passwords), to %(value)s.') % {'value': SECRET_REDACTED}
+                )
+
            if isinstance(field, i18nfield.forms.I18nFormField):
                value = d.get(name)
                if not value: