CGM_Public/pretix_original
2
0
Fork 1
mirror of https://github.com/pretix/pretix.git synced 2026-05-05 15:14:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

Assert that the item count is a positive integer (#221)

Browse Source 
Thanks to David Gullasch for pointing this one out.
This commit is contained in:
Tobias Kunze
2016-08-29 19:36:38 +02:00
committed by Raphael Michel
parent 5346473f75
commit 4fa631ab97
1 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/pretix/presale/views/cart.py
View File

@@ -56,13 +56,23 @@ class CartActionMixin:
parts = parts[:-1] parts = parts[:-1]
else: else:
voucher = None voucher = None
try:
amount = int(value)
except ValueError:
messages.error(self.request, _('Please enter numbers only.'))
return []
if amount <= 0:
messages.error(self.request, _('Please enter positive numbers only.'))
return []
price = self.request.POST.get('price_' + "_".join(parts[1:]), "") price = self.request.POST.get('price_' + "_".join(parts[1:]), "")
if key.startswith('item_'): if key.startswith('item_'):
try: try:
items.append({ items.append({
'item': int(parts[1]), 'item': int(parts[1]),
'variation': None, 'variation': None,
'count': int(value), 'count': amount,
'price': price, 'price': price,
'voucher': voucher 'voucher': voucher
}) })
@@ -74,7 +84,7 @@ class CartActionMixin:
items.append({ items.append({
'item': int(parts[1]), 'item': int(parts[1]),
'variation': int(parts[2]), 'variation': int(parts[2]),
'count': int(value), 'count': amount,
'price': price, 'price': price,
'voucher': voucher 'voucher': voucher
}) })