CGM_Public/pretix_original
2
0
Fork 1
mirror of https://github.com/pretix/pretix.git synced 2026-05-06 15:24:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Replace redirect() with redirect_to_url() if we don't need Django's resolution

Browse Source
This commit is contained in:
Raphael Michel
2023-12-08 15:38:25 +01:00
parent 2acf043872
commit 12a898476e
19 changed files with 134 additions and 111 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
src/pretix/control/views/auth.py
View File

@@ -87,8 +87,8 @@ def process_login(request, user, keep_logged_in):
auth_login(request, user)
request.session['pretix_auth_login_time'] = int(time.time())
if next_url and url_has_allowed_host_and_scheme(next_url, allowed_hosts=None):
return redirect(next_url)
return redirect(reverse('control:index'))
return redirect_to_url(next_url)
return redirect('control:index')
def login(request):
@@ -149,7 +149,10 @@ def register(request):
raise PermissionDenied('Registration is disabled')
ctx = {}
if request.user.is_authenticated:
return redirect(request.GET.get("next", 'control:index'))
next_url = request.GET.get("next") or reverse("control:index")
if next_url and url_has_allowed_host_and_scheme(next_url, allowed_hosts=None):
return redirect_to_url(next_url)
return redirect("control:index")
if request.method == 'POST':
form = RegistrationForm(data=request.POST)
if form.is_valid():
@@ -256,7 +259,10 @@ class Forgot(TemplateView):
def get(self, request, *args, **kwargs):
if request.user.is_authenticated:
return redirect(request.GET.get("next", 'control:index'))
next_url = request.GET.get("next") or reverse("control:index")
if next_url and url_has_allowed_host_and_scheme(next_url, allowed_hosts=None):
return redirect_to_url(next_url)
return redirect("control:index")
return super().get(request, *args, **kwargs)
def post(self, request, *args, **kwargs):
@@ -329,7 +335,10 @@ class Recover(TemplateView):
def get(self, request, *args, **kwargs):
if request.user.is_authenticated:
return redirect(request.GET.get("next", 'control:index'))
next_url = request.GET.get("next") or reverse("control:index")
if next_url and url_has_allowed_host_and_scheme(next_url, allowed_hosts=None):
return redirect_to_url(next_url)
return redirect("control:index")
try:
user = User.objects.get(id=self.request.GET.get('id'), is_active=True, auth_backend='native')
except User.DoesNotExist:
@@ -453,7 +462,7 @@ class Login2FAView(TemplateView):
del request.session['pretix_auth_2fa_time']
if "next" in request.GET and url_has_allowed_host_and_scheme(request.GET.get("next"), allowed_hosts=None):
return redirect_to_url(request.GET.get("next"))
return redirect(reverse('control:index'))
return redirect('control:index')
else:
messages.error(request, _('Invalid code, please try again.'))
return redirect('control:auth.login.2fa')

7
src/pretix/control/views/orderimport.py
View File

@@ -50,6 +50,7 @@ from pretix.base.services.orderimport import import_orders, parse_csv
from pretix.base.views.tasks import AsyncAction
from pretix.control.forms.orderimport import ProcessForm
from pretix.control.permissions import EventPermissionRequiredMixin
from pretix.helpers.http import redirect_to_url
logger = logging.getLogger(__name__)
ENCODINGS = (
@@ -69,19 +70,19 @@ class ImportView(EventPermissionRequiredMixin, TemplateView):
def post(self, request, *args, **kwargs):
if 'file' not in request.FILES:
return redirect(reverse('control:event.orders.import', kwargs={
return redirect_to_url(reverse('control:event.orders.import', kwargs={
'event': request.event.slug,
'organizer': request.organizer.slug,
}))
if not request.FILES['file'].name.lower().endswith('.csv'):
messages.error(request, _('Please only upload CSV files.'))
return redirect(reverse('control:event.orders.import', kwargs={
return redirect_to_url(reverse('control:event.orders.import', kwargs={
'event': request.event.slug,
'organizer': request.organizer.slug,
}))
if request.FILES['file'].size > settings.FILE_UPLOAD_MAX_SIZE_OTHER:
messages.error(request, _('Please do not upload files larger than 10 MB.'))
return redirect(reverse('control:event.orders.import', kwargs={
return redirect_to_url(reverse('control:event.orders.import', kwargs={
'event': request.event.slug,
'organizer': request.organizer.slug,
}))