From 667c2555b2ca373d98b3fec4eba2a1535eabf7bb Mon Sep 17 00:00:00 2001
From: Raphael Michel <michel@rami.io>
Date: Tue, 10 Sep 2024 13:58:22 +0200
Subject: [PATCH] AsyncMixin: Fix crash on invalid query string (PRETIXEU-AHG)

---
 src/pretix/base/views/tasks.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/pretix/base/views/tasks.py b/src/pretix/base/views/tasks.py
index bed6862bb6..5c8f1799c7 100644
--- a/src/pretix/base/views/tasks.py
+++ b/src/pretix/base/views/tasks.py
@@ -30,7 +30,9 @@ from celery import states
 from celery.result import AsyncResult
 from django.conf import settings
 from django.contrib import messages
-from django.core.exceptions import PermissionDenied, ValidationError
+from django.core.exceptions import (
+    BadRequest, PermissionDenied, ValidationError,
+)
 from django.core.files.uploadedfile import UploadedFile
 from django.db import transaction
 from django.http import HttpResponse, JsonResponse, QueryDict
@@ -131,6 +133,8 @@ class AsyncMixin:
         return data
 
     def get_result(self, request):
+        if not request.GET.get('async_id'):
+            raise BadRequest("No async_id given")
         res = AsyncResult(request.GET.get('async_id'))
         if 'ajax' in self.request.GET:
             return JsonResponse(self._return_ajax_result(res, timeout=0.25))
@@ -208,6 +212,8 @@ class AsyncAction(AsyncMixin):
 
     def get(self, request, *args, **kwargs):
         if 'async_id' in request.GET and settings.HAS_CELERY:
+            if not request.GET.get('async_id'):
+                raise BadRequest("No async_id given")
             return self.get_result(request)
         return self.http_method_not_allowed(request)