[SECURITY] Bind relevant cached file downloads to the current session

Raphael Michel
2020-12-18 19:17:23 +01:00
parent a3dd015c23
commit c60a25f2bc
11 changed files with 42 additions and 9 deletions


@@ -235,7 +235,7 @@ class OrderPrintDo(EventPermissionRequiredMixin, AsyncAction, View):
def post(self, request, *args, **kwargs):
order = get_object_or_404(self.request.event.orders, code=request.GET.get("code"))
cf = CachedFile()
cf = CachedFile(web_download=True, session_key=self.request.session.session_key)
cf.date = now()
cf.type = 'application/pdf'
cf.expires = now() + timedelta(days=3)
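Review bot: `self.request.session.session_key` in the new `CachedFile(...)` call is `None` in Django when no session has been created for the request, in which case the file would be stored without a usable binding. This view sits behind a permission mixin, so a session most likely exists, but nothing in the visible lines enforces it; a guard ahead of the constructor such as `if not request.session.session_key: request.session.create()` would make the binding explicit. The code that compares the stored key with the downloader's session is not part of this hunk, so it is worth confirming that it refuses a file with `web_download` set and an empty `session_key` rather than treating the empty value as a match. The body of `post` continues past the end of the hunk.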