2213 Commits

Author SHA1 Message Date
Raphael Michel
a3ca4c81ae [SECURITY] Fix XSS vulnerability in typeahead.js 2017-08-21 15:14:45 +02:00
Raphael Michel
fb398a5520 [SECURITY] Fix XSS vulnerability in Lightbox caption 2017-08-21 15:14:45 +02:00
Raphael Michel
9a9bb92f91 [SECURITY] Support custom media URLs in CSP middleware 2017-08-21 15:14:45 +02:00
Raphael Michel
e23a5c24d6 [SECURITY] Add warning for download of unsafe files 2017-08-21 15:14:45 +02:00
Raphael Michel
1a42a54d98 [SECURITY] Tokens for downloading answer attachments 2017-08-21 15:14:45 +02:00
Raphael Michel
5c91352bae [SECURITY] Do not allow SVG files for logos 2017-08-21 15:14:45 +02:00
Raphael Michel
3428ea2f18 [SECURITY] Fix XSS injection vulnerabilities in question answers, event, quota and product names 2017-08-21 15:14:45 +02:00
Raphael Michel
24e5d337a6 [SECURITY] Update to morris.js master to fix a XSS vulnerability 2017-08-21 15:14:44 +02:00
Raphael Michel
a2c1413036 [SECURITY] Use defusedcsv for exports 2017-08-21 15:14:44 +02:00
Tobias Kunze
bab092f04b Do not override the Reply-To header (#597) 2017-08-20 13:50:48 +03:00
Tobias Kunze
2bf4e6c5c6 Fix import of celery app in documentation (#596) 2017-08-20 12:41:37 +03:00
Raphael Michel
584add97a3 Fix counting bug for global order search 2017-08-11 12:42:47 +02:00
Raphael Michel
57143a434e Add new signal voucher_form_validation 2017-08-10 17:06:16 +02:00
Raphael Michel
e31bd7600c Add bcc to mail_send 2017-08-09 16:22:14 +02:00
Raphael Michel
f02ec8b24b Improve Stripe.js loading 2017-08-09 13:56:52 +02:00
Raphael Michel
b8704f980f Only validate form of the selected payment 2017-08-09 13:56:52 +02:00
Raphael Michel
3accf74687 Fix KeyError in form submission 2017-08-09 13:56:52 +02:00
Tobias Kunze
a213ca746c Only mention an order in the mail if one is associated (#592) 2017-08-09 10:42:52 +02:00
Raphael Michel
349e306d38 Fix #576 yet again 2017-08-08 23:08:34 +02:00
Raphael Michel
ca1b1032eb Allow mails without HTML 2017-08-08 22:28:27 +02:00
Raphael Michel
a6c9fb0f8b Fix #576 again 2017-08-08 22:24:53 +02:00
Raphael Michel
c8230c55ee Update translation 2017-08-08 21:06:54 +02:00
Raphael Michel
55f77613d4 Fix #576 -- linebreaks in bank details in HTML mails 2017-08-08 20:37:01 +02:00
Raphael Michel
c9a1ff45c7 Fix import order 2017-08-07 19:31:20 +02:00
Raphael Michel
c209f66d49 Fix #590 -- Combined Ticket-PDFs are not invalidated when rotating secrets 2017-08-07 18:34:04 +02:00
Raphael Michel
3efa02eb81 Fixes to the download reminder 2017-08-07 17:10:04 +02:00
Raphael Michel
8506f66236 Show if team members have 2FA enabled 2017-08-07 16:15:32 +02:00
Sanket Dasgupta
cb2826f171 Fix #293 -- Add ticket downloading reminder (#567)
Closes https://github.com/pretix/pretix/issues/293
2017-08-07 16:15:27 +02:00
Raphael Michel
0990c9cc3d Fix AttributeError in voucher creation 2017-08-07 14:12:16 +02:00
Raphael Michel
4aa9594a61 Fix voucher redemption problem with subevents 2017-08-07 14:09:12 +02:00
Raphael Michel
ed208cf433 Optimize OrderFilterForm query 2017-08-07 14:04:16 +02:00
Raphael Michel
428faeb756 Add a minimal length for voucher codes 2017-08-07 12:11:48 +02:00
Raphael Michel
e858edd85c Do not allow vouchers to create negative prices 2017-08-07 12:11:48 +02:00
Raphael Michel
e4ab27a292 Fix missing file 2017-08-01 21:02:15 +02:00
Raphael Michel
eece5793d6 Fix travis after bbed8e5f 2017-08-01 20:43:28 +02:00
Nicole Klünder
3df737a94f fix missing space in german translation (#587) 2017-08-01 20:39:39 +02:00
Nicole Klünder
0e4c414c2e fix wrong stripe version in setup.py (#588) 2017-08-01 20:39:25 +02:00
Raphael Michel
326304db54 Fix #583 -- Wrongly documented option 2017-07-31 23:00:48 +02:00
Raphael Michel
c8e54524a3 Only use SQLite config during tests if it exists 2017-07-31 21:36:46 +02:00
Raphael Michel
d671060a47 Add sphinxcontrib-images to doc dependencies 2017-07-31 21:14:00 +02:00
Raphael Michel
93dab76da2 Complete docs page 2017-07-31 21:12:30 +02:00
Nicole Klünder
bbed8e5fae throw exception if PRETIX_CONFIG_FILE can not be opened (#581)
If the environment variable PRETIX_CONFIG_FILE is set but the file can not be read because it does not exist or permission is denied, pretix just runs with default settings. When setting up a new installation this can be confusing and difficult to debug.

I think it is safe to assume that someone who sets PRETIX_CONFIG_FILE aims to point it at a readable file, so raising with a more understandable exception is expected or at least helpful. Otherwise, the user will usually get a DisallowedHost exception because the [pretix]url config variable is not set which is not as helpful.
2017-07-31 18:33:16 +02:00
Raphael Michel
e16f8fc7e9 Add some user documentation 2017-07-31 18:31:20 +02:00
Raphael Michel
86f17094bb Hide quota options when creating a product with variations 2017-07-31 13:52:50 +02:00
Raphael Michel
b1b49758b1 Fix reversal bug 2017-07-31 12:54:57 +02:00
Raphael Michel
4790665759 bump version 2017-07-31 12:54:57 +02:00
Tobias Kunze
8ede492cba Add optional help_text to Question objects. Closes #574. (#579) 2017-07-31 10:54:57 +02:00
Raphael Michel
5f607cc034 Bump version v1.6.0 2017-07-30 20:36:45 +02:00
Raphael Michel
3b9f508be9 Create squash migration 2017-07-30 20:11:23 +02:00
Raphael Michel
89e381b7ea Update translations 2017-07-30 19:44:11 +02:00