From bbcb41da2b0aebc5265721b12e7b2c54b3eb860a Mon Sep 17 00:00:00 2001
From: Raphael Michel
Date: Wed, 31 Mar 2021 10:38:10 +0200
Subject: [PATCH] Cart action views: Improve input validation

---
 src/pretix/presale/views/cart.py | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/src/pretix/presale/views/cart.py b/src/pretix/presale/views/cart.py
index f54286a0aa..fbc962cfe5 100644
--- a/src/pretix/presale/views/cart.py
+++ b/src/pretix/presale/views/cart.py
@@ -111,6 +111,12 @@ class CartActionMixin:
         parts = key.split("_")
         price = self.request.POST.get('price_' + "_".join(parts[1:]), "")
 
+        subevent = None
+        if 'subevent' in self.request.POST:
+            try:
+                subevent = int(self.request.POST.get('subevent'))
+            except ValueError:
+                pass
 
         if key.startswith('seat_'):
             try:
@@ -121,7 +127,7 @@ class CartActionMixin:
                     'seat': value,
                     'price': price,
                     'voucher': voucher,
-                    'subevent': self.request.POST.get("subevent")
+                    'subevent': subevent
                 }
             except ValueError:
                 raise CartError(_('Please enter numbers only.'))
@@ -143,7 +149,7 @@ class CartActionMixin:
                     'count': amount,
                     'price': price,
                     'voucher': voucher,
-                    'subevent': self.request.POST.get("subevent")
+                    'subevent': subevent
                 }
             except ValueError:
                 raise CartError(_('Please enter numbers only.'))
@@ -155,7 +161,7 @@ class CartActionMixin:
                     'count': amount,
                     'price': price,
                     'voucher': voucher,
-                    'subevent': self.request.POST.get("subevent")
+                    'subevent': subevent
                 }
             except ValueError:
                 raise CartError(_('Please enter numbers only.'))
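Review bot: The new `except ValueError: pass` around the `subevent` parse in the first hunk silently turns a non-numeric `subevent` value into `None`, while the three `raise CartError(_('Please enter numbers only.'))` branches further down (the hunks at 121, 143 and 155, which only substitute the parsed value) reject bad numeric input explicitly, so a malformed subevent proceeds as if none had been submitted instead of being reported. Unless the fallback is intended, the handler should match its siblings: `except ValueError: raise CartError(_('Please enter numbers only.'))`. Whether a `None` subevent is later rejected for events that require one is decided outside this hunk, so the fallback may be harmless, but if it is deliberate it deserves a comment such as `# Non-numeric subevent values are ignored and fall back to None`. The enclosing method starts before this hunk.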
@@ -380,8 +386,11 @@ class CartRemove(EventViewMixin, CartActionMixin, AsyncAction, View):
 
     def post(self, request, *args, **kwargs):
         if 'id' in request.POST:
-            return self.do(self.request.event.id, request.POST.get('id'), get_or_create_cart_id(self.request),
-                           translation.get_language(), request.sales_channel.identifier)
+            try:
+                return self.do(self.request.event.id, int(request.POST.get('id')), get_or_create_cart_id(self.request),
+                               translation.get_language(), request.sales_channel.identifier)
+            except ValueError:
+                return redirect(self.get_error_url())
         else:
             if 'ajax' in self.request.GET or 'ajax' in self.request.POST:
                 return JsonResponse({
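Review bot: The `try` added in `CartRemove.post` wraps the whole `self.do(...)` call rather than only `int(request.POST.get('id'))`, so a `ValueError` raised inside `self.do` or `get_or_create_cart_id` would be mistaken for a malformed id and answered with the same redirect. Converting the id in its own statement and keeping only that conversion inside the `try` limits the handler to the input-validation case it was added for. The `else` branch below returns a `JsonResponse` for `ajax` requests, while this error path always redirects; if AJAX callers can also submit `id`, they may expect a JSON error instead, though how `self.do` treats such callers is outside the hunk. The class and the `else` branch continue outside the hunk.
```python
        if 'id' in request.POST:
            try:
                pk = int(request.POST.get('id'))
            except ValueError:
                return redirect(self.get_error_url())
            return self.do(self.request.event.id, pk, get_or_create_cart_id(self.request),
                           translation.get_language(), request.sales_channel.identifier)
        # … unchanged: else branch with the ajax / JsonResponse handling …
```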