Update reportlab requirement from ==4.4.* to ==4.5.* (#6138 )

Updates the requirements on [reportlab](https://www.reportlab.com/) to permit the latest version. --- updated-dependencies: - dependency-name: reportlab dependency-version: 4.5.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Force async_task_is_download to be downloaded if in iframe (Z#23234427) (#6194 )
2026-05-19 17:34:03 +00:00 · 2026-05-19 18:03:32 +02:00 · 2026-05-19 17:07:54 +02:00 · 2026-05-19 15:23:30 +02:00
3 changed files with 46 additions and 22 deletions
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -91,11 +91,11 @@ dependencies = [
  "pyuca",
  "qrcode==8.2",
  "redis==7.4.*",
-  "reportlab==4.4.*",
+  "reportlab==4.5.*",
  "requests==2.32.*",
  "sentry-sdk==2.60.*",
  "sepaxml==2.7.*",
-  "stripe==15.1.*",
+  "stripe==7.9.*",
  "text-unidecode==1.*",
  "tlds>=2026041800",
  "tqdm==4.*",
--- a/src/pretix/base/forms/questions.py
+++ b/src/pretix/base/forms/questions.py
@@ -35,6 +35,7 @@
 import copy
 import json
 import logging
+import re
 from datetime import timedelta
 from decimal import Decimal
 from io import BytesIO
@@ -47,9 +48,7 @@ from django.conf import settings
 from django.contrib import messages
 from django.core.exceptions import ValidationError
 from django.core.files.uploadedfile import SimpleUploadedFile
-from django.core.validators import (
-    MaxValueValidator, MinValueValidator, RegexValidator,
-)
+from django.core.validators import MaxValueValidator, MinValueValidator
 from django.db.models import QuerySet
 from django.forms import Select, widgets
 from django.forms.widgets import FILE_INPUT_CONTRADICTION
@@ -220,20 +219,6 @@ class NamePartsFormField(forms.MultiValueField):
        defaults = {
            'widget': self.widget,
            'max_length': kwargs.pop('max_length', None),
-            'validators': [
-                RegexValidator(
-                    # The following characters should never appear in a name anywhere of
-                    # the world. However, they commonly appear in inputs generated by spam
-                    # bots.
-                    r'^[^$€/%§{}<>~]*$',
-                    message=_('Please do not use special characters in names.')
-                ),
-                RegexValidator(
-                    URL_RE,
-                    inverse_match=True,
-                    message=_('Please do not use special characters in names.')
-                )
-            ]
        }
        self.max_length = defaults['max_length']
        self.scheme_name = kwargs.pop('scheme')
@@ -255,7 +240,6 @@ class NamePartsFormField(forms.MultiValueField):
            if fname == 'title' and self.scheme_titles:
                d = dict(defaults)
                d.pop('max_length', None)
-                d.pop('validators', None)
                field = forms.ChoiceField(
                    **d,
                    choices=[('', '')] + [(d, d) for d in self.scheme_titles[1]]
@@ -264,7 +248,6 @@ class NamePartsFormField(forms.MultiValueField):
            elif fname == 'salutation':
                d = dict(defaults)
                d.pop('max_length', None)
-                d.pop('validators', None)
                field = forms.ChoiceField(
                    **d,
                    choices=[
@@ -296,6 +279,37 @@ class NamePartsFormField(forms.MultiValueField):
        if sum(len(v) for v in value.values() if v) > (self.max_length or 250):
            raise forms.ValidationError(_('Please enter a shorter name.'), code='max_length')

+        for fname, label, size in self.scheme['fields']:
+            if fname == 'salutation' or (fname == 'title' and self.scheme_titles):
+                continue
+            v = value.get(fname)
+            if not v:
+                continue
+            special_chars = re.findall('[$€/%§{}<>~]', v)
+            if special_chars:
+                raise forms.ValidationError(
+                    _('The field "%(label)s" may not contain special characters such as "%(chars)s".'),
+                    code='name_special_chars',
+                    params={
+                        "label": label,
+                        "chars": "".join(special_chars),
+                    },
+                )
+            # URL_RE checks for valid domain names, including one special TLD med, which can be part of a title
+            if ".med" in v:
+                v = v.replace(".med", ". med")
+                value[fname] = v
+            url_matched = URL_RE.search(v)
+            if url_matched:
+                raise forms.ValidationError(
+                    _('The field "%(label)s" may not contain an URL (%(url)s).'),
+                    code='url_in_title',
+                    params={
+                        "label": label,
+                        "url": url_matched.group(0),
+                    }
+                )
+
        if value.get("salutation") == "empty":
            value["salutation"] = ""

--- a/src/pretix/static/pretixbase/js/asynctask.js
+++ b/src/pretix/static/pretixbase/js/asynctask.js
@@ -53,7 +53,17 @@ function async_task_on_success(data) {
            // hide waitingDialog when using browser's history back
            waitingDialog.hide();
        });
-        location.href = data.redirect;
+        if (async_task_is_download && window.self !== window.top) {
+            // if in an iframe, force to download an async_task_is_download
+            // e.g. pretix-reseller embeds order-page in iframe, which would cause ticket-PDFs to be displayed inline
+            var a = document.createElement("a");
+            a.href = data.redirect;
+            a.download = "";
+            a.target = "_blank";
+            a.click();
+        } else {
+            location.href = data.redirect;
+        }
    }
    $(this).trigger('pretix:async-task-success', data);
 }