Compare commits


5 Commits

Author SHA1 Message Date
Mira Weller a61609a89d Use SafeStrings for event_live_issues 2026-07-03 14:22:48 +02:00
Mira Weller 8ec1b83d25 Use SafeStrings for plugin signals returning HTML that should be rendered 2026-07-03 14:04:17 +02:00
Lukas Bockstaller 943b319557 use cookieretry only on presale event pages (Z#23236752) (#6297)
* use cookieretry only on presale event pages

* use csrfcookieretry only on event index page

* include static tag

* include csrfcookieretry in order.html as well

* Update src/pretix/static/pretixpresale/js/csrfcookieretry.js

Co-authored-by: Richard Schreiber <schreiber@pretix.eu>

---------

Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
2026-07-03 13:56:47 +02:00
Richard Schreiber 28b13667ce Widget: add beta-flag to URL (#6338) 2026-07-03 12:04:54 +02:00
Raphael Michel b00d1c9156 Bump django-querytagger 2026-07-03 11:53:34 +02:00
9 changed files with 36 additions and 16 deletions
+1 -1
@@ -53,7 +53,7 @@ dependencies = [
"django-oauth-toolkit==2.3.*",
"django-otp==1.7.*",
"django-phonenumber-field==8.4.*",
"django-querytagger==0.0.2",
"django-querytagger==0.0.3",
"django-redis==6.0.*",
"django-scopes==2.0.*",
"django-statici18n==2.7.*",
+6 -9
@@ -1403,15 +1403,12 @@ class Event(EventMixin, LoggedModel):
for mp in self.organizer.meta_properties.all():
if mp.required and not self.meta_data.get(mp.name):
issues.append(
('<a {a_attr}>' + gettext('You need to fill the meta parameter "{property}".') + '</a>').format(
property=mp.name,
a_attr='href="%s#id_prop-%d-value"' % (
reverse('control:event.settings', kwargs={'organizer': self.organizer.slug, 'event': self.slug}),
mp.pk
)
)
)
issues.append(format_html(
'<a href="{href}{href_hash}">{text}</a>',
text=gettext('You need to fill the meta parameter "{property}".').format(property=mp.name),
href=reverse('control:event.settings', kwargs={'organizer': self.organizer.slug, 'event': self.slug}),
href_hash=f'#id_prop-{mp.pk}-value',
))
responses = event_live_issues.send(self)
for receiver, response in sorted(responses, key=lambda r: str(r[0])):
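Review bot: Only the meta-property entry is converted to `format_html` here; the body of the loop over the `event_live_issues` responses, and any other `issues.append(...)` calls in this method, lie outside the visible lines. Because the templates in this change now render `{{ issue }}` without `|safe`, any entry that is still a plain `str` containing markup will be displayed with its tags escaped, so those call sites and the plugin receivers need checking. I would add a comment above the loop such as `# Receivers must return a SafeString (e.g. via format_html) for markup; plain str is escaped on render`.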
+3 -2
@@ -22,6 +22,7 @@
import importlib
from django import template
from django.utils.html import conditional_escape
from django.utils.safestring import mark_safe
from pretix.base.models import Event
@@ -44,7 +45,7 @@ def eventsignal(event: Event, signame: str, **kwargs):
_html = []
for receiver, response in signal.send(event, **kwargs):
if response:
_html.append(response)
_html.append(conditional_escape(response))
return mark_safe("".join(_html))
@@ -63,5 +64,5 @@ def signal(signame: str, request, **kwargs):
_html = []
for receiver, response in signal.send(request, **kwargs):
if response:
_html.append(response)
_html.append(conditional_escape(response))
return mark_safe("".join(_html))
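Review bot: The new contract of `eventsignal` and `signal` is not documented where the appends change: `conditional_escape(response)` now escapes every plain `str` a receiver returns, and only `SafeString` values pass through unchanged. The closing `mark_safe("".join(_html))` is therefore only as safe as each receiver's own escaping, since a plugin that wraps user-supplied data in `mark_safe` still reaches the page unescaped. A comment above both appends would make this explicit, e.g. `# plain str responses are escaped; receivers must build HTML with format_html()`. Both function bodies start outside the hunks, so existing docstrings could not be checked.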
@@ -19,7 +19,7 @@
</p>
<ul>
{% for issue in issues %}
<li>{{ issue|safe }}</li>
<li>{{ issue }}</li>
{% endfor %}
</ul>
</div>
@@ -42,7 +42,7 @@
</p>
<ul>
{% for issue in issues %}
<li>{{ issue|safe }}</li>
<li>{{ issue }}</li>
{% endfor %}
</ul>
</div>
@@ -9,7 +9,7 @@
{% load anonymize_email %}
{% block thetitle %}
{% if messages %}
{{ messages|join:" " }} ::
{{ messages|join:" " }} ::
{% endif %}
{% block title %}{% endblock %}{% if request.resolver_match.url_name != "event.index" %} :: {% endif %}{{ event.name }}
{% endblock %}
@@ -1,6 +1,7 @@
{% extends "pretixpresale/event/base.html" %}
{% load i18n %}
{% load l10n %}
{% load static %}
{% load eventurl %}
{% load cache_large %}
{% load money %}
@@ -39,6 +40,7 @@
{% else %}
<meta property="og:url" content="{% abseventurl request.event "presale:event.index" %}" />
{% endif %}
<script type="text/javascript" src="{% static "pretixpresale/js/csrfcookieretry.js" %}"></script>
{% endblock %}
{% block content %}
@@ -6,6 +6,7 @@
{% load money %}
{% load expiresformat %}
{% load eventurl %}
{% load static %}
{% load phone_format %}
{% load rich_text %}
{% load getitem %}
@@ -22,6 +23,10 @@
{% endif %}
{% trans "Order details" %}
{% endblock %}
{% block custom_header %}
{{ block.super }}
<script type="text/javascript" src="{% static "pretixpresale/js/csrfcookieretry.js" %}"></script>
{% endblock %}
{% block content %}
{% if "thanks" in request.GET or "paid" in request.GET %}
<div class="thank-you">
+1 -1
@@ -123,7 +123,7 @@ def widget_css_etag(request, version, **kwargs):
def _use_vite(request):
if getattr(settings, 'PRETIX_WIDGET_VITE', False):
if getattr(settings, 'PRETIX_WIDGET_VITE', False) or "beta" in request.GET:
return True
origin = request.META.get('HTTP_ORIGIN', '')
gs = GlobalSettingsObject()
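Review bot: The added `"beta" in request.GET` test lets any caller select the Vite build through a request parameter, returning before the `HTTP_ORIGIN` and `GlobalSettingsObject` lines that follow, which look like a per-origin gate (the rest of `_use_vite` is outside the hunk). If the beta build is not meant to be publicly reachable, or if widget responses are cached under a key that ignores the query string, this needs to be gated or keyed accordingly. At minimum the intent should be documented, e.g. `# ?beta is caller-controlled: it opts any request into the Vite build regardless of the settings below`.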
@@ -0,0 +1,15 @@
document.addEventListener("DOMContentLoaded", () => {
const COOKIE_NAME = "__Host-pretix_csrftoken";
const RELOAD_FLAG = "csrfReloadPerformed";
const hasCookie = document.cookie
.split("; ")
.some((c) => c.startsWith(COOKIE_NAME + "="));
if (!hasCookie && !sessionStorage.getItem(RELOAD_FLAG)) {
sessionStorage.setItem(RELOAD_FLAG, "1");
location.reload();
} else if (hasCookie && sessionStorage.getItem(RELOAD_FLAG)) {
sessionStorage.removeItem(RELOAD_FLAG);
}
});
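Review bot: `COOKIE_NAME` is hard-coded to `"__Host-pretix_csrftoken"`, so on a deployment where the CSRF cookie has a different name or is HttpOnly (neither is visible here) `hasCookie` stays false and every new tab reloads once. Passing the name from the including template, for example through a data attribute, would keep the script in step with the server configuration. Separately, reading `sessionStorage` can throw when site storage is blocked, which tends to coincide with blocked cookies; wrapping the storage calls in `try { … } catch (e) { return; }` keeps the handler from raising in exactly the case it targets.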