From 4fa631ab97ae663b2687e7bd8c68223d2fb7b49a Mon Sep 17 00:00:00 2001
From: Tobias Kunze
Date: Mon, 29 Aug 2016 19:36:38 +0200
Subject: [PATCH] Assert that the item count is a positive integer (#221)
Thanks to David Gullasch for pointing this one out.
---
 src/pretix/presale/views/cart.py | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/src/pretix/presale/views/cart.py b/src/pretix/presale/views/cart.py
index 9dc048f64b..cfb33427e7 100644
--- a/src/pretix/presale/views/cart.py
+++ b/src/pretix/presale/views/cart.py
@@ -56,13 +56,23 @@ class CartActionMixin:
 parts = parts[:-1]
 else:
 voucher = None
+
+ try:
+ amount = int(value)
+ except ValueError:
+ messages.error(self.request, _('Please enter numbers only.'))
+ return []
+ if amount <= 0:
+ messages.error(self.request, _('Please enter positive numbers only.'))
+ return []
+
 price = self.request.POST.get('price_' + "_".join(parts[1:]), "")
 if key.startswith('item_'):
 try:
 items.append({
 'item': int(parts[1]),
 'variation': None,
- 'count': int(value),
+ 'count': amount,
 'price': price,
 'voucher': voucher
 })
@@ -74,7 +84,7 @@ class CartActionMixin:
 items.append({
 'item': int(parts[1]),
 'variation': int(parts[2]),
- 'count': int(value),
+ 'count': amount,
 'price': price,
 'voucher': voucher
 })
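Review bot: The new check on `amount` bounds the count only from below, so an arbitrarily large integer from the POST body still passes and is stored as `'count'` in both `items.append` calls (this hunk and the one at -74,7). If nothing later in the cart path caps the quantity, which is not visible here, I would reject oversized values at the same place, e.g. `if amount <= 0 or amount > MAX_COUNT_PER_LINE:`, where `MAX_COUNT_PER_LINE` is a placeholder for a limit the project would have to define. Separately, `return []` on the first bad field drops any items already collected and presumably looks to the caller like an empty submission; a short comment such as `# one invalid count rejects the whole submission` would make that intent explicit. The enclosing method begins and ends outside the hunk.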