From 50a3d4e855ae4c10d96ad9ee38950a9105d6c917 Mon Sep 17 00:00:00 2001
From: Richard Schreiber <schreiber@rami.io>
Date: Fri, 27 Feb 2026 17:52:49 +0100
Subject: [PATCH] improve dict-check

---
 src/pretix/api/serializers/order.py | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/pretix/api/serializers/order.py b/src/pretix/api/serializers/order.py
index 632d8e84d0..e19565247c 100644
--- a/src/pretix/api/serializers/order.py
+++ b/src/pretix/api/serializers/order.py
@@ -1218,13 +1218,14 @@ class OrderCreateSerializer(I18nAwareModelSerializer):
 
     def validate_payment_info(self, info):
         if info:
-            if not info.strip().startswith("{"):
-                # only objects are allowed
-                raise ValidationError('Payment info must be a valid JSON-object.')
             try:
                 obj = json.loads(info)
             except ValueError:
-                raise ValidationError('Payment info must be a valid JSON-object.')
+                raise ValidationError('Payment info must be valid JSON.')
+
+            if not isinstance(obj, dict):
+                # only objects are allowed
+                raise ValidationError('Payment info must be a JSON-object.')
         return info
 
     def validate_expires(self, expires):