From 2b818f42cd03da1d0d05ddbb4b62f62c23ad3941 Mon Sep 17 00:00:00 2001 From: Raphael Michel Date: Thu, 16 May 2019 10:05:58 +0200 Subject: [PATCH] Raise 404 on opening unknown order PRETIXEU-12Q --- src/pretix/presale/views/order.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/pretix/presale/views/order.py b/src/pretix/presale/views/order.py index 955b11dc82..6747e1a9f8 100644 --- a/src/pretix/presale/views/order.py +++ b/src/pretix/presale/views/order.py @@ -67,7 +67,9 @@ class OrderDetailMixin(NoSearchIndexViewMixin): @method_decorator(xframe_options_exempt, 'dispatch') class OrderOpen(EventViewMixin, OrderDetailMixin, View): - def dispatch(self, request, *args, **kwargs): + def get(self, request, *args, **kwargs): + if not self.order: + raise Http404(_('Unknown order code or not authorized to access this order.')) if kwargs.get('hash') == self.order.email_confirm_hash(): self.order.email_known_to_work = True self.order.save(update_fields=['email_known_to_work'])