rash
3c1b806c8e
add e2e tests for widget button, testing empty cart, adding specific items, and subevents
2026-03-13 10:14:46 +01:00
rash
2dade31f23
Allow gradual rollout of new vite-based widget by adding urls to an allowlist that gets checked against the "Origin" http header of request fetching the widget js
2026-03-10 14:45:00 +01:00
rash
504191c005
fix inconsistencies from automatic migration
2026-03-09 18:31:27 +01:00
rash
00cb77de8f
top level await in iife build mode is not supported, so let's do import.meta.glob instead (we just need the build step not to see await, the code doesn't actually ever get loaded because it's DEV only)
2026-02-23 16:43:11 +01:00
rash
99bd78f2c6
less flaky e2e tests
2026-02-23 16:35:42 +01:00
rash
d9b691690e
simplify e2e test iframe check
2026-02-22 19:10:11 +01:00
rash
b1b2a688a8
working vite widget setup for prod (untested), local dev (with or without dev server) and pytests, with flags for running the old version or the vite version
2026-02-22 17:40:25 +01:00
rash
3f92868dba
start testing event series widget
2026-02-20 13:18:06 +01:00
rash
961253bac4
migrate widget bugfix #5886
2026-02-19 14:13:08 +01:00
rash
f3eb2fba6d
Merge branch 'pretix:master' into vite-vue3
2026-02-19 13:40:30 +01:00
luelista
7e45837295
Security hardening for 2FA configuration (#5685)
* reduce default RecentAuthenticationRequiredMixin timeout to 15 min
* never cache pages with RecentAuthenticationRequiredMixin
* show emergency codes only once after generating
2026-02-19 12:43:23 +01:00
rash
4d8c22a839
make dates in e2e tests relative
2026-02-19 10:21:00 +01:00
rash
d544df098c
switch timezone in e2e tests to Europe/Berlin
2026-02-19 10:14:52 +01:00
Lukas Bockstaller
fd9ed15065
include acceptor slug in log/webhook event (#5906)
2026-02-19 10:00:11 +01:00
Richard Schreiber
2df3d9206b
Add voucher tag to orderlist positions export
2026-02-19 09:42:00 +01:00
rash
6cfdfc2cd6
add test for complete widget journey for simple event
2026-02-18 17:13:39 +01:00
rash
55299b1eae
drop widget_ prefix from e2e test fixtures
2026-02-18 17:12:55 +01:00
Kian Cross
fbd8bbbeaa
Disable partitioned cookies for Safari due to WebKit bugs (#5843)
Safari currently exhibits a bug where Partitioned cookies (CHIPS) are not
sent back to the originating site after multi-hop cross-site redirects,
breaking SSO login flows in pretix.
Partitioned cookies were initially introduced in Safari 18.4, removed
again in 18.5 due to a bug, and reintroduced in Safari 26.2, where the
current issue is present.
As a mitigation, disable sending the `Partitioned` attribute for Safari
user agents. This is intentionally conservative; once the Safari issue
is fixed, this check should be refined to be conditional on the affected
versions only.
WebKit issues:
- https://bugs.webkit.org/show_bug.cgi?id=292975
- https://bugs.webkit.org/show_bug.cgi?id=306194
2026-02-18 09:19:14 +01:00
Kara Engelhardt
1c305e4b30
Store failed offline checkin if successful online checkin with same nonce exists
2026-02-17 10:41:05 +01:00
KarlKeu00
ea114b4f64
Fix HTML closing tags in pending.html (#5893)
2026-02-17 10:20:28 +01:00
dependabot[bot]
0342613635
Update fakeredis requirement from ==2.33.* to ==2.34.* (#5899)
Updates the requirements on [fakeredis](https://github.com/cunla/fakeredis-py) to permit the latest version.
- [Release notes](https://github.com/cunla/fakeredis-py/releases)
- [Commits](https://github.com/cunla/fakeredis-py/compare/v2.33.0...v2.34.0)
---
updated-dependencies:
- dependency-name: fakeredis
dependency-version: 2.34.0
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-17 10:16:35 +01:00
dependabot[bot]
743c4b796b
Update sentry-sdk requirement from ==2.52.* to ==2.53.* (#5898)
Updates the requirements on [sentry-sdk](https://github.com/getsentry/sentry-python) to permit the latest version.
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-python/compare/2.52.0a1...2.53.0)
---
updated-dependencies:
- dependency-name: sentry-sdk
dependency-version: 2.53.0
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-17 10:16:27 +01:00
Raphael Michel
8a7f54795e
Vouchers: Fix field label inconsistency (Z#23222887) (#5902)
The field Voucher.price_mode is sometimes called "Price mode" and
sometimes "Price effect" in the UI, which is inconsistent. I think
"price effect" is a little clearer, but I don't really care as long as
it is consistent.
2026-02-17 10:16:12 +01:00
Raphael Michel
cb464ad597
Remove back link from 404 error page (#23222967) (#5901)
I've kept it for 400/403/500/csrffail for now, because they also have a
"try again" link. Yes, both things have browser buttons, but they make
it a *little* clearer to technical users what one could do next, and
especially on csrffail, "step back" is always possible and possibly actually
helpful.
2026-02-17 10:16:05 +01:00
Raphael Michel
119cc50897
Fix inconsistent singular/plural use in text (Z#23223585)
2026-02-17 09:31:08 +01:00
Raphael Michel
61f9cf13b4
Order change: Fix list of unchangeable add-ons not filtered to category (Z#23223330) (#5876)
2026-02-16 15:13:24 +01:00
Raphael Michel
f24429a7c5
Fix tests on Python <3.11
2026-02-16 13:40:00 +01:00
Raphael Michel
29ed07ccce
Merge branch 'pajowu/security-plaintext-placeholder' into 'master'
SECURITY: Prevent placeholder injection in plaintext emails
See merge request pretix/pretix!21
2026-02-16 10:59:44 +01:00
Nate Horst
dd0cd7ab0b
Translations: Update Thai
Currently translated at 36.0% (2237 of 6207 strings)
Translation: pretix/pretix
Translate-URL: https://translate.pretix.eu/projects/pretix/pretix/th/
powered by weblate
2026-02-16 10:44:21 +01:00
Nate Horst
d7df906995
Translations: Update Thai
Currently translated at 36.0% (2237 of 6207 strings)
Translation: pretix/pretix
Translate-URL: https://translate.pretix.eu/projects/pretix/pretix/th/
powered by weblate
2026-02-16 10:44:21 +01:00
Ruud Hendrickx
839f4b4657
Translations: Update Dutch (Belgium)
Currently translated at 0.1% (12 of 6207 strings)
Translation: pretix/pretix
Translate-URL: https://translate.pretix.eu/projects/pretix/pretix/nl_BE/
powered by weblate
2026-02-16 10:44:21 +01:00
Ruud Hendrickx
74f7e1f61c
Translations: Add Dutch (Belgium)
2026-02-16 10:44:21 +01:00
Yasunobu YesNo Kawaguchi
47919afab0
Translations: Update Japanese
Currently translated at 100.0% (256 of 256 strings)
Translation: pretix/pretix (JavaScript parts)
Translate-URL: https://translate.pretix.eu/projects/pretix/pretix-js/ja/
powered by weblate
2026-02-16 10:44:21 +01:00
Yasunobu YesNo Kawaguchi
819daa99f7
Translations: Update Japanese
Currently translated at 100.0% (6207 of 6207 strings)
Translation: pretix/pretix
Translate-URL: https://translate.pretix.eu/projects/pretix/pretix/ja/
powered by weblate
2026-02-16 10:44:21 +01:00
Ruud Hendrickx
8512e79d68
Translations: Update Dutch (informal) (nl_Informal)
Currently translated at 100.0% (6207 of 6207 strings)
Translation: pretix/pretix
Translate-URL: https://translate.pretix.eu/projects/pretix/pretix/nl_Informal/
powered by weblate
2026-02-16 10:44:21 +01:00
Ruud Hendrickx
52672ae25b
Translations: Update Dutch
Currently translated at 100.0% (6207 of 6207 strings)
Translation: pretix/pretix
Translate-URL: https://translate.pretix.eu/projects/pretix/pretix/nl/
powered by weblate
2026-02-16 10:44:21 +01:00
Raphael Michel
ad752dc617
Fix placeholder injection with django templates
2026-02-13 13:36:12 +01:00
Raphael Michel
43c6c33bd8
SafeFormatter: Ignore conversion spec
2026-02-13 12:35:49 +01:00
Raphael Michel
88c9f8c047
Remove duplicate rendering of plain content without variables
2026-02-13 12:30:01 +01:00
Raphael Michel
2d2663f15f
Mark strings as formatted to prevent double-formatting
2026-02-13 12:28:32 +01:00
Kara Engelhardt
ae6014708b
SECURITY: Prevent placeholder injection in plaintext emails
2026-02-13 12:28:32 +01:00
rash
97857e7a67
test file is not actually used
2026-02-12 13:30:28 +01:00
rash
469b777dcf
first couple widget e2e tests
courtesy of claude
most of the tests don't work yet
2026-02-12 13:25:43 +01:00
Richard Schreiber
d1686df07c
Move request.GET.items to ctx (#5889)
2026-02-12 12:05:08 +01:00
Richard Schreiber
4d60d7bfbc
Fix widget quantity prefill (#5886)
2026-02-12 12:04:11 +01:00
Phin Wolkwitz
c0b93fedc5
Hide company name field in order info for individual customers (Z#23212149, Z#23216249) (#5887)
2026-02-11 16:15:23 +01:00
rash
333dc56ef7
first draft migrating widget to vue3/vite
2026-02-11 15:12:43 +01:00
Richard Schreiber
2eaa6c3069
Fix address-helper wrong locale (Z#23223920) (#5884)
* Fix address-helper wrong locale (Z#23223920)
* fix translation for transmission-types names
* use language_code instead
2026-02-11 13:22:15 +01:00
Phin Wolkwitz
db982c9ef4
Presale: Hide address info from invisible fields in confirmation step (Z#23212149) (#5649)
Not all transmission fields are visible to users at all times, depending on whether they are necessary for users to know/change but they are submitted for the backend. This change hides those fields that were hidden before in the confirmation step as well to avoid confusion.
2026-02-11 13:14:05 +01:00
Raphael Michel
f9f6ee94ae
Outgoing mails: Fix wrong filter statement (PRETIXEU-CZZ)
2026-02-11 13:11:21 +01:00