From 169355cd4346b5a6ed34cb7ac0b007f8aef2182e Mon Sep 17 00:00:00 2001
From: Mira Weller <weller@rami.io>
Date: Thu, 15 May 2025 15:39:39 +0200
Subject: [PATCH] CartManager: use database NOW() for extend-while-valid to
 avoid race condition

---
 src/pretix/base/services/cart.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/pretix/base/services/cart.py b/src/pretix/base/services/cart.py
index 138f7a9f5c..16c8dfaaa2 100644
--- a/src/pretix/base/services/cart.py
+++ b/src/pretix/base/services/cart.py
@@ -47,6 +47,7 @@ from django.core.exceptions import ValidationError
 from django.db import DatabaseError, transaction
 from django.db.models import Count, Exists, IntegerField, OuterRef, Q, Value
 from django.db.models.aggregates import Min
+from django.db.models.functions import Now
 from django.dispatch import receiver
 from django.utils.timezone import make_aware, now
 from django.utils.translation import (
@@ -345,7 +346,7 @@ class CartManager:
         # We can extend the reservation of items which are not yet expired without risk
         if self._expiry > self.real_now_dt:
             self.num_extended_positions += self.positions.filter(
-                expires__gt=self.real_now_dt, expires__lt=self._expiry,
+                expires__gt=Now(), expires__lt=self._expiry,
             ).update(
                 expires=self._expiry,
             )