Invoice: Improve handling of special characters in file names (#3347)

Co-authored-by: Richard Schreiber <schreiber@rami.io>
2026-05-05 15:14:04 +00:00 · 2023-05-23 12:17:06 +02:00
parent 364d86085c
commit 1237b8ba47
4 changed files with 33 additions and 3 deletions
--- a/src/pretix/control/views/orders.py
+++ b/src/pretix/control/views/orders.py
@@ -1512,7 +1512,7 @@ class InvoiceDownload(EventPermissionRequiredMixin, View):
            invoice_pdf_task.apply(args=(self.invoice.pk,))
            return self.get(request, *args, **kwargs)

-        resp['Content-Disposition'] = 'inline; filename="{}.pdf"'.format(self.invoice.number)
+        resp['Content-Disposition'] = 'inline; filename="{}.pdf"'.format(re.sub("[^a-zA-Z0-9-_.]+", "_", self.invoice.number))
        resp._csp_ignore = True  # Some browser's PDF readers do not work with CSP
        return resp