diff --git a/src/pretix/base/forms/questions.py b/src/pretix/base/forms/questions.py
index 04501aa428..0e26d6a7ca 100644
--- a/src/pretix/base/forms/questions.py
+++ b/src/pretix/base/forms/questions.py
@@ -47,7 +47,7 @@ from django.conf import settings
 from django.contrib import messages
 from django.core.exceptions import ValidationError
 from django.core.files.uploadedfile import SimpleUploadedFile
-from django.core.validators import MaxValueValidator, MinValueValidator
+from django.core.validators import MaxValueValidator, MinValueValidator, RegexValidator
 from django.db.models import QuerySet
 from django.forms import Select, widgets
 from django.utils import translation
@@ -187,6 +187,15 @@ class NamePartsFormField(forms.MultiValueField):
 defaults = {
 'widget': self.widget,
 'max_length': kwargs.pop('max_length', None),
+ 'validators': [
+ RegexValidator(
+ # The following characters should never appear in a name anywhere of
+ # the world. However, they commonly appear in inputs generated by spam
+ # bots.
+ r'^[^$€/%§{}<>~]*$',
+ message=_('Please do not use special characters in names.')
+ )
+ ]
 }
 self.scheme_name = kwargs.pop('scheme')
 self.titles = kwargs.pop('titles')
@@ -207,6 +216,7 @@ class NamePartsFormField(forms.MultiValueField):
 if fname == 'title' and self.scheme_titles:
 d = dict(defaults)
 d.pop('max_length', None)
+ d.pop('validators', None)
 field = forms.ChoiceField(
 **d,
 choices=[('', '')] + [(d, d) for d in self.scheme_titles[1]]
@@ -215,6 +225,7 @@ class NamePartsFormField(forms.MultiValueField):
 elif fname == 'salutation':
 d = dict(defaults)
 d.pop('max_length', None)
+ d.pop('validators', None)
 field = forms.ChoiceField(
 **d,
 choices=[('', '---')] + PERSON_NAME_SALUTATIONS
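Review bot: The comment above the pattern in the new `'validators'` entry should state that this character denylist is a spam heuristic and not an injection defence, because `<`, `>`, `{` and `}` in the set invite the reading that names are now safe to render unescaped. I would word it as `# Spam heuristic only, not sanitisation: names must still be escaped wherever they are rendered.` and correct "anywhere of the world" to "anywhere in the world". The check also lives only on this form field, so any other path that writes name parts (presumably an API or an import) is not covered by it, which is worth confirming as intended. The enclosing method starts and ends outside the hunk.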
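Review bot: The added `d.pop('validators', None)` in the `title` branch has no comment saying why the denylist is dropped there, and unlike `max_length` the `validators` argument is one that `forms.ChoiceField` accepts, so the reason is not obvious from the code. A line such as `# Values are limited to the scheme's configured choices, so the free-text character denylist is not applied.` would record the intent. The same applies to the identical line added in the `salutation` hunk that follows. Both branches sit in a method whose start and end are outside the hunks.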