Allow to configure a readonly DB connection

Invoice address: Special validation for Belgium (Z#23224796) (#5970 )
* Invoice address: Special validation for Belgium (Z#23224796) * Update src/pretix/base/invoicing/peppol.py Co-authored-by: pajowu <engelhardt@pretix.eu> --------- Co-authored-by: pajowu <engelhardt@pretix.eu>
2026-06-27 03:56:15 +00:00 · 2026-03-10 15:48:27 +01:00 · 2026-03-10 09:57:44 +01:00 · 2026-03-10 09:56:29 +01:00 · 2026-03-10 09:54:54 +01:00 · 2026-03-10 09:53:09 +01:00
184 changed files with 185081 additions and 126321 deletions
@@ -1719,6 +1719,56 @@ List of all order positions
   :statuscode 401: Authentication failure
   :statuscode 403: The requested organizer/event does not exist **or** you have no permission to view this resource.

+.. http:get:: /api/v1/organizers/(organizer)/orderpositions/
+
+   Returns a list of all order positions within all events of a given organizer (with sufficient access permissions).
+
+   The supported query parameters and output format of this endpoint are almost identical to those of the list endpoint
+   within an event.
+   The only changes are that responses also contain the ``event`` attribute in each result and that the 'pdf_data'
+   parameter is not supported.
+
+   **Example request**:
+
+   .. sourcecode:: http
+
+      GET /api/v1/organizers/bigevents/orderpositions/ HTTP/1.1
+      Host: pretix.eu
+      Accept: application/json, text/javascript
+
+   **Example response**:
+
+   .. sourcecode:: http
+
+      HTTP/1.1 200 OK
+      Vary: Accept
+      Content-Type: application/json
+      X-Page-Generated: 2017-12-01T10:00:00Z
+
+      {
+        "count": 1,
+        "next": null,
+        "previous": null,
+        "results": [
+          {
+            "id:": 23442
+            "event": "sampleconf",
+            "order": "ABC12",
+            "positionid": 1,
+            "canceled": false,
+            "item": 1345,
+            ...
+          }
+        ]
+      }
+
+   :param organizer: The ``slug`` field of the organizer to fetch
+   :statuscode 200: no error
+   :statuscode 401: Authentication failure
+   :statuscode 403: The requested organizer/event does not exist **or** you have no permission to view this resource.
+
+
+
 Fetching individual positions
 -----------------------------

@@ -60,6 +60,9 @@ The following values for ``action_types`` are valid with pretix core:
    * ``pretix.event.added``
    * ``pretix.event.changed``
    * ``pretix.event.deleted``
+    * ``pretix.giftcards.created``
+    * ``pretix.giftcards.modified``
+    * ``pretix.giftcards.transaction.*``
    * ``pretix.voucher.added``
    * ``pretix.voucher.changed``
    * ``pretix.voucher.deleted``
@@ -1,6 +1,6 @@
 sphinx==9.1.*
 sphinx-rtd-theme~=3.1.0
-sphinxcontrib-httpdomain~=1.8.1
+sphinxcontrib-httpdomain~=2.0.0
 sphinxcontrib-images~=1.0.1
 sphinxcontrib-jquery~=4.1
 sphinxcontrib-spelling~=8.0.2
@@ -1,7 +1,7 @@
 -e ../
 sphinx==9.1.*
 sphinx-rtd-theme~=3.1.0
-sphinxcontrib-httpdomain~=1.8.1
+sphinxcontrib-httpdomain~=2.0.0
 sphinxcontrib-images~=1.0.1
 sphinxcontrib-jquery~=4.1
 sphinxcontrib-spelling~=8.0.2
@@ -33,7 +33,7 @@ dependencies = [
  "celery==5.6.*",
  "chardet==5.2.*",
  "cryptography>=44.0.0",
-  "css-inline==0.19.*",
+  "css-inline==0.20.*",
  "defusedcsv>=1.1.0",
  "dnspython==2.*",
  "Django[argon2]==4.2.*,>=4.2.26",
@@ -65,7 +65,7 @@ dependencies = [
  "kombu==5.6.*",
  "libsass==0.23.*",
  "lxml",
-  "markdown==3.10.1",  # 3.3.5 requires importlib-metadata>=4.4, but django-bootstrap3 requires importlib-metadata<3.
+  "markdown==3.10.2",  # 3.3.5 requires importlib-metadata>=4.4, but django-bootstrap3 requires importlib-metadata<3.
  # We can upgrade markdown again once django-bootstrap3 upgrades or once we drop Python 3.6 and 3.7
  "mt-940==4.30.*",
  "oauthlib==3.3.*",
@@ -73,11 +73,11 @@ dependencies = [
  "packaging",
  "paypalrestsdk==1.13.*",
  "paypal-checkout-serversdk==1.0.*",
-  "PyJWT==2.10.*",
+  "PyJWT==2.11.*",
  "phonenumberslite==9.0.*",
  "Pillow==12.1.*",
  "pretix-plugin-build",
-  "protobuf==6.33.*",
+  "protobuf==7.34.*",
  "psycopg2-binary",
  "pycountry",
  "pycparser==3.0",
@@ -92,7 +92,7 @@ dependencies = [
  "redis==7.1.*",
  "reportlab==4.4.*",
  "requests==2.32.*",
-  "sentry-sdk==2.51.*",
+  "sentry-sdk==2.54.*",
  "sepaxml==2.7.*",
  "stripe==7.9.*",
  "text-unidecode==1.*",
@@ -110,10 +110,10 @@ dev = [
  "aiohttp==3.13.*",
  "coverage",
  "coveralls",
-  "fakeredis==2.33.*",
+  "fakeredis==2.34.*",
  "flake8==7.3.*",
  "freezegun",
-  "isort==7.0.*",
+  "isort==8.0.*",
  "pep8-naming==0.15.*",
  "potypo",
  "pytest-asyncio>=0.24",
@@ -19,4 +19,4 @@
 # You should have received a copy of the GNU Affero General Public License along with this program.  If not, see
 # <https://www.gnu.org/licenses/>.
 #
-__version__ = "2026.2.0.dev0"
+__version__ = "2026.3.0.dev0"
@@ -19,6 +19,7 @@
 # You should have received a copy of the GNU Affero General Public License along with this program.  If not, see
 # <https://www.gnu.org/licenses/>.
 #
+import json
 import logging
 import os
 from collections import Counter, defaultdict
@@ -636,6 +637,14 @@ class OrderPositionSerializer(I18nAwareModelSerializer):
        return entry


+class OrganizerOrderPositionSerializer(OrderPositionSerializer):
+    event = SlugRelatedField(slug_field='slug', read_only=True)
+
+    class Meta(OrderPositionSerializer.Meta):
+        fields = OrderPositionSerializer.Meta.fields + ('event',)
+        read_only_fields = OrderPositionSerializer.Meta.read_only_fields + ('event',)
+
+
 class RequireAttentionField(serializers.Field):
    def to_representation(self, instance: OrderPosition):
        return instance.require_checkin_attention
@@ -1215,6 +1224,18 @@ class OrderCreateSerializer(I18nAwareModelSerializer):
            raise ValidationError('The given payment provider is not known.')
        return pp

+    def validate_payment_info(self, info):
+        if info:
+            try:
+                obj = json.loads(info)
+            except ValueError:
+                raise ValidationError('payment_info must be valid JSON.')
+
+            if not isinstance(obj, dict):
+                # only objects are allowed
+                raise ValidationError('payment_info must be a JSON object.')
+        return info
+
    def validate_expires(self, expires):
        if expires < now():
            raise ValidationError('Expiration date must be in the future.')
@@ -365,9 +365,10 @@ class TeamInviteSerializer(serializers.ModelSerializer):
    def _send_invite(self, instance):
        mail(
            instance.email,
-            _('pretix account invitation'),
+            _('Account invitation'),
            'pretixcontrol/email/invitation.txt',
            {
+                'instance': settings.PRETIX_INSTANCE_NAME,
                'user': self,
                'organizer': self.context['organizer'].name,
                'team': instance.team.name,
@@ -67,6 +67,7 @@ orga_router.register(r'invoices', order.InvoiceViewSet)
 orga_router.register(r'scheduled_exports', exporters.ScheduledOrganizerExportViewSet)
 orga_router.register(r'exporters', exporters.OrganizerExportersViewSet, basename='exporters')
 orga_router.register(r'transactions', order.OrganizerTransactionViewSet)
+orga_router.register(r'orderpositions', order.OrganizerOrderPositionViewSet, basename='orderpositions')

 team_router = routers.DefaultRouter()
 team_router.register(r'members', organizer.TeamMemberViewSet)
@@ -83,7 +84,7 @@ event_router.register(r'discounts', discount.DiscountViewSet)
 event_router.register(r'quotas', item.QuotaViewSet)
 event_router.register(r'vouchers', voucher.VoucherViewSet)
 event_router.register(r'orders', order.EventOrderViewSet)
-event_router.register(r'orderpositions', order.OrderPositionViewSet)
+event_router.register(r'orderpositions', order.EventOrderPositionViewSet)
 event_router.register(r'transactions', order.TransactionViewSet)
 event_router.register(r'invoices', order.InvoiceViewSet)
 event_router.register(r'revokedsecrets', order.RevokedSecretViewSet, basename='revokedsecrets')
@@ -188,11 +188,15 @@ class CheckinListViewSet(viewsets.ModelViewSet):
        clist = self.get_object()
        if serializer.validated_data.get('nonce'):
            if kwargs.get('position'):
-                prev = kwargs['position'].all_checkins.filter(nonce=serializer.validated_data['nonce']).first()
+                prev = kwargs['position'].all_checkins.filter(
+                    nonce=serializer.validated_data['nonce'],
+                    successful=False
+                ).first()
            else:
                prev = clist.checkins.filter(
                    nonce=serializer.validated_data['nonce'],
                    raw_barcode=serializer.validated_data['raw_barcode'],
+                    successful=False
                ).first()
            if prev:
                # Ignore because nonce is already handled
@@ -57,9 +57,10 @@ from pretix.api.serializers.order import (
    BlockedTicketSecretSerializer, InvoiceSerializer, OrderCreateSerializer,
    OrderPaymentCreateSerializer, OrderPaymentSerializer,
    OrderPositionSerializer, OrderRefundCreateSerializer,
-    OrderRefundSerializer, OrderSerializer, OrganizerTransactionSerializer,
-    PriceCalcSerializer, PrintLogSerializer, RevokedTicketSecretSerializer,
-    SimulatedOrderSerializer, TransactionSerializer,
+    OrderRefundSerializer, OrderSerializer, OrganizerOrderPositionSerializer,
+    OrganizerTransactionSerializer, PriceCalcSerializer, PrintLogSerializer,
+    RevokedTicketSecretSerializer, SimulatedOrderSerializer,
+    TransactionSerializer,
 )
 from pretix.api.serializers.orderchange import (
    BlockNameSerializer, OrderChangeOperationSerializer,
@@ -1065,8 +1066,7 @@ with scopes_disabled():
            }


-class OrderPositionViewSet(viewsets.ModelViewSet):
-    serializer_class = OrderPositionSerializer
+class OrderPositionViewSetMixin:
    queryset = OrderPosition.all.none()
    filter_backends = (DjangoFilterBackend, RichOrderingFilter)
    ordering = ('order__datetime', 'positionid')
@@ -1087,8 +1087,7 @@ class OrderPositionViewSet(viewsets.ModelViewSet):

    def get_serializer_context(self):
        ctx = super().get_serializer_context()
-        ctx['event'] = self.request.event
-        ctx['pdf_data'] = self.request.query_params.get('pdf_data', 'false').lower() == 'true'
+        ctx['pdf_data'] = False
        ctx['check_quotas'] = self.request.query_params.get('check_quotas', 'true').lower() == 'true'
        return ctx

@@ -1097,9 +1096,8 @@ class OrderPositionViewSet(viewsets.ModelViewSet):
            qs = OrderPosition.all
        else:
            qs = OrderPosition.objects
-
-        qs = qs.filter(order__event=self.request.event)
-        if self.request.query_params.get('pdf_data', 'false').lower() == 'true':
+        qs = qs.filter(order__event__organizer=self.request.organizer)
+        if self.request.query_params.get('pdf_data', 'false').lower() == 'true' and getattr(self.request, 'event', None):
            prefetch_related_objects([self.request.organizer], 'meta_properties')
            prefetch_related_objects(
                [self.request.event],
@@ -1154,9 +1152,9 @@ class OrderPositionViewSet(viewsets.ModelViewSet):
            qs = qs.prefetch_related(
                Prefetch('checkins', queryset=Checkin.objects.select_related("device")),
                Prefetch('print_logs', queryset=PrintLog.objects.select_related('device')),
-                'answers', 'answers__options', 'answers__question',
+                'answers', 'answers__options', 'answers__question', 'order__event', 'order__event__organizer'
            ).select_related(
-                'item', 'order', 'order__event', 'order__event__organizer', 'seat'
+                'item', 'order', 'seat'
            )
        return qs

@@ -1168,6 +1166,45 @@ class OrderPositionViewSet(viewsets.ModelViewSet):
                return prov
        raise NotFound('Unknown output provider.')

+
+class OrganizerOrderPositionViewSet(OrderPositionViewSetMixin, viewsets.ReadOnlyModelViewSet):
+    serializer_class = OrganizerOrderPositionSerializer
+
+    def get_queryset(self):
+        qs = super().get_queryset()
+
+        perm = self.permission if self.request.method in SAFE_METHODS else self.write_permission
+
+        if isinstance(self.request.auth, (TeamAPIToken, Device)):
+            auth_obj = self.request.auth
+        elif self.request.user.is_authenticated:
+            auth_obj = self.request.user
+        else:
+            raise PermissionDenied("Unknown authentication scheme")
+
+        qs = qs.filter(
+            order__event__in=auth_obj.get_events_with_permission(perm, request=self.request).filter(
+                organizer=self.request.organizer
+            )
+        )
+
+        return qs
+
+
+class EventOrderPositionViewSet(OrderPositionViewSetMixin, viewsets.ModelViewSet):
+    serializer_class = OrderPositionSerializer
+
+    def get_serializer_context(self):
+        ctx = super().get_serializer_context()
+        ctx['event'] = self.request.event
+        ctx['pdf_data'] = self.request.query_params.get('pdf_data', 'false').lower() == 'true'
+        return ctx
+
+    def get_queryset(self):
+        qs = super().get_queryset()
+        qs = qs.filter(order__event=self.request.event)
+        return qs
+
    @action(detail=True, methods=['POST'], url_name='price_calc')
    def price_calc(self, request, *args, **kwargs):
        """
@@ -249,12 +249,24 @@ class GiftCardViewSet(viewsets.ModelViewSet):
    def perform_create(self, serializer):
        value = serializer.validated_data.pop('value')
        inst = serializer.save(issuer=self.request.organizer)
-        inst.transactions.create(value=value, acceptor=self.request.organizer)
        inst.log_action(
-            'pretix.giftcards.transaction.manual',
+            action='pretix.giftcards.created',
            user=self.request.user,
            auth=self.request.auth,
-            data=merge_dicts(self.request.data, {'id': inst.pk})
+        )
+        inst.transactions.create(value=value, acceptor=self.request.organizer)
+        inst.log_action(
+            action='pretix.giftcards.transaction.manual',
+            user=self.request.user,
+            auth=self.request.auth,
+            data=merge_dicts(
+                self.request.data,
+                {
+                    'id': inst.pk,
+                    'acceptor_id': self.request.organizer.id,
+                    'acceptor_slug': self.request.organizer.slug
+                }
+            )
        )

    @transaction.atomic()
@@ -269,7 +281,7 @@ class GiftCardViewSet(viewsets.ModelViewSet):
            inst = serializer.save(secret=serializer.instance.secret, currency=serializer.instance.currency,
                                   testmode=serializer.instance.testmode)
            inst.log_action(
-                'pretix.giftcards.modified',
+                action='pretix.giftcards.modified',
                user=self.request.user,
                auth=self.request.auth,
                data=self.request.data,
@@ -282,10 +294,14 @@ class GiftCardViewSet(viewsets.ModelViewSet):
            diff = value - old_value
            inst.transactions.create(value=diff, acceptor=self.request.organizer)
            inst.log_action(
-                'pretix.giftcards.transaction.manual',
+                action='pretix.giftcards.transaction.manual',
                user=self.request.user,
                auth=self.request.auth,
-                data={'value': diff}
+                data={
+                    'value': diff,
+                    'acceptor_id': self.request.organizer.id,
+                    'acceptor_slug': self.request.organizer.slug
+                }
            )

        return inst
@@ -309,10 +325,15 @@ class GiftCardViewSet(viewsets.ModelViewSet):
            }, status=status.HTTP_409_CONFLICT)
        gc.transactions.create(value=value, text=text, info=info, acceptor=self.request.organizer)
        gc.log_action(
-            'pretix.giftcards.transaction.manual',
+            action='pretix.giftcards.transaction.manual',
            user=self.request.user,
            auth=self.request.auth,
-            data={'value': value, 'text': text}
+            data={
+                'value': value,
+                'text': text,
+                'acceptor_id': self.request.organizer.id,
+                'acceptor_slug': self.request.organizer.slug
+            }
        )
        return Response(GiftCardSerializer(gc, context=self.get_serializer_context()).data, status=status.HTTP_200_OK)

@@ -174,6 +174,38 @@ class ParametrizedEventWebhookEvent(ParametrizedWebhookEvent):
        }


+class ParametrizedGiftcardWebhookEvent(ParametrizedWebhookEvent):
+    def build_payload(self, logentry: LogEntry):
+        giftcard = logentry.content_object
+        if not giftcard:
+            return None
+
+        return {
+            'notification_id': logentry.pk,
+            'issuer_id': logentry.organizer_id,
+            'issuer_slug': logentry.organizer.slug,
+            'giftcard': giftcard.pk,
+            'action': logentry.action_type,
+        }
+
+
+class ParametrizedGiftcardTransactionWebhookEvent(ParametrizedWebhookEvent):
+    def build_payload(self, logentry: LogEntry):
+        giftcard = logentry.content_object
+        if not giftcard:
+            return None
+
+        return {
+            'notification_id': logentry.pk,
+            'issuer_id': logentry.organizer_id,
+            'issuer_slug': logentry.organizer.slug,
+            'acceptor_id': logentry.parsed_data.get('acceptor_id'),
+            'acceptor_slug': logentry.parsed_data.get('acceptor_slug'),
+            'giftcard': giftcard.pk,
+            'action': logentry.action_type,
+        }
+
+
 class ParametrizedVoucherWebhookEvent(ParametrizedWebhookEvent):

    def build_payload(self, logentry: LogEntry):
@@ -433,6 +465,18 @@ def register_default_webhook_events(sender, **kwargs):
            'pretix.customer.anonymized',
            _('Customer account anonymized'),
        ),
+        ParametrizedGiftcardWebhookEvent(
+            'pretix.giftcards.created',
+            _('Gift card added'),
+        ),
+        ParametrizedGiftcardWebhookEvent(
+            'pretix.giftcards.modified',
+            _('Gift card modified'),
+        ),
+        ParametrizedGiftcardTransactionWebhookEvent(
+            'pretix.giftcards.transaction.*',
+            _('Gift card used in transaction'),
+        )
    )


@@ -216,7 +216,10 @@ class OutboundSyncProvider:

            try:
                mapped_objects = self.sync_order(sq.order)
-                if not all(all(not res or res.sync_info.get("action", "") == "nothing_to_do" for res in res_list) for res_list in mapped_objects.values()):
+                actions_taken = [res and res.sync_info.get("action", "") for res_list in mapped_objects.values() for res in res_list]
+                should_write_logentry = any(action not in (None, "nothing_to_do") for action in actions_taken)
+                logger.info('Synced order %s to %s, actions: %r, log: %r', sq.order.code, sq.sync_provider, actions_taken, should_write_logentry)
+                if should_write_logentry:
                    sq.order.log_action("pretix.event.order.data_sync.success", {
                        "provider": self.identifier,
                        "objects": {
@@ -237,7 +240,7 @@ class OutboundSyncProvider:
                    sq.set_sync_error("exceeded", e.messages, e.full_message)
                else:
                    logger.info(
-                        f"Could not sync order {sq.order.code} to {type(self).__name__} "
+                        f"Could not sync order {sq.order.code} to {sq.sync_provider} "
                        f"(transient error, attempt #{sq.failed_attempts}, next {sq.not_before})",
                        exc_info=True,
                    )
@@ -39,7 +39,7 @@ from pretix.base.templatetags.rich_text import (
    DEFAULT_CALLBACKS, EMAIL_RE, URL_RE, abslink_callback,
    markdown_compile_email, truelink_callback,
 )
-from pretix.helpers.format import SafeFormatter, format_map
+from pretix.helpers.format import FormattedString, SafeFormatter, format_map

 from pretix.base.services.placeholders import (  # noqa
    get_available_placeholders, PlaceholderContext
@@ -141,6 +141,7 @@ class TemplateBasedMailRenderer(BaseHTMLMailRenderer):
        return markdown_compile_email(plaintext, context=context)

    def render(self, plain_body: str, plain_signature: str, subject: str, order, position, context) -> str:
+        apply_format_map = not isinstance(plain_body, FormattedString)
        body_md = self.compile_markdown(plain_body, context)
        if context:
            linker = bleach.Linker(
@@ -149,12 +150,13 @@ class TemplateBasedMailRenderer(BaseHTMLMailRenderer):
                callbacks=DEFAULT_CALLBACKS + [truelink_callback, abslink_callback],
                parse_email=True
            )
-            body_md = format_map(
-                body_md,
-                context=context,
-                mode=SafeFormatter.MODE_RICH_TO_HTML,
-                linkifier=linker
-            )
+            if apply_format_map:
+                body_md = format_map(
+                    body_md,
+                    context=context,
+                    mode=SafeFormatter.MODE_RICH_TO_HTML,
+                    linkifier=linker
+                )
        htmlctx = {
            'site': settings.PRETIX_INSTANCE_NAME,
            'site_url': settings.SITE_URL,
@@ -651,6 +651,7 @@ class OrderListExporter(MultiSheetListExporter):
            pgettext('address', 'State'),
            _('Voucher'),
            _('Voucher budget usage'),
+            _('Voucher tag'),
            _('Pseudonymization ID'),
            _('Ticket secret'),
            _('Seat ID'),
@@ -769,6 +770,7 @@ class OrderListExporter(MultiSheetListExporter):
                    op.state_for_address or '',
                    op.voucher.code if op.voucher else '',
                    op.voucher_budget_use if op.voucher_budget_use else '',
+                    op.voucher.tag if op.voucher else '',
                    op.pseudonymization_id,
                    op.secret,
                ]
@@ -890,18 +890,18 @@ class BaseQuestionsForm(forms.Form):
                if not help_text:
                    if q.valid_date_min and q.valid_date_max:
                        help_text = format_lazy(
-                            'Please enter a date between {min} and {max}.',
+                            _('Please enter a date between {min} and {max}.'),
                            min=date_format(q.valid_date_min, "SHORT_DATE_FORMAT"),
                            max=date_format(q.valid_date_max, "SHORT_DATE_FORMAT"),
                        )
                    elif q.valid_date_min:
                        help_text = format_lazy(
-                            'Please enter a date no earlier than {min}.',
+                            _('Please enter a date no earlier than {min}.'),
                            min=date_format(q.valid_date_min, "SHORT_DATE_FORMAT"),
                        )
                    elif q.valid_date_max:
                        help_text = format_lazy(
-                            'Please enter a date no later than {max}.',
+                            _('Please enter a date no later than {max}.'),
                            max=date_format(q.valid_date_max, "SHORT_DATE_FORMAT"),
                        )
                if initial and initial.answer:
@@ -939,18 +939,18 @@ class BaseQuestionsForm(forms.Form):
                if not help_text:
                    if q.valid_datetime_min and q.valid_datetime_max:
                        help_text = format_lazy(
-                            'Please enter a date and time between {min} and {max}.',
+                            _('Please enter a date and time between {min} and {max}.'),
                            min=date_format(q.valid_datetime_min, "SHORT_DATETIME_FORMAT"),
                            max=date_format(q.valid_datetime_max, "SHORT_DATETIME_FORMAT"),
                        )
                    elif q.valid_datetime_min:
                        help_text = format_lazy(
-                            'Please enter a date and time no earlier than {min}.',
+                            _('Please enter a date and time no earlier than {min}.'),
                            min=date_format(q.valid_datetime_min, "SHORT_DATETIME_FORMAT"),
                        )
                    elif q.valid_datetime_max:
                        help_text = format_lazy(
-                            'Please enter a date and time no later than {max}.',
+                            _('Please enter a date and time no later than {max}.'),
                            max=date_format(q.valid_datetime_max, "SHORT_DATETIME_FORMAT"),
                        )

@@ -1415,6 +1415,7 @@ class BaseInvoiceAddressForm(forms.ModelForm):
                    if not data.get(r):
                        raise ValidationError({r: _("This field is required for the selected type of invoice transmission.")})

+                transmission_type.validate_invoice_address_data(data)
                self.instance.transmission_type = transmission_type.identifier
                self.instance.transmission_info = transmission_type.form_data_to_transmission_info(data)
            elif transmission_type.is_exclusive(self.event, data.get("country"), data.get("is_business")):
@@ -42,6 +42,8 @@ from django.utils.html import escape
 from django.utils.timezone import get_current_timezone, now
 from django.utils.translation import gettext_lazy as _

+from pretix.helpers.format import PlainHtmlAlternativeString
+

 def replace_arabic_numbers(inp):
    if not isinstance(inp, str):
@@ -61,11 +63,18 @@ def replace_arabic_numbers(inp):
    return inp.translate(table)


+def format_placeholder_help_text(placeholder_name, sample_value):
+    if isinstance(sample_value, PlainHtmlAlternativeString):
+        sample_value = sample_value.plain
+    title = (_("Sample: %s") % sample_value) if sample_value else ""
+    return ('<button type="button" class="content-placeholder" title="%s">{%s}</button>' % (escape(title), escape(placeholder_name)))
+
+
 def format_placeholders_help_text(placeholders, event=None):
    placeholders = [(k, v.render_sample(event) if event else v) for k, v in placeholders.items()]
    placeholders.sort(key=lambda x: x[0])
    phs = [
-        '<button type="button" class="content-placeholder" title="%s">{%s}</button>' % (escape(_("Sample: %s") % v) if v else "", escape(k))
+        format_placeholder_help_text(k, v)
        for k, v in placeholders
    ]
    return _('Available placeholders: {list}').format(
@@ -33,8 +33,7 @@ from pretix.base.invoicing.transmission import (
    transmission_types,
 )
 from pretix.base.models import Invoice, InvoiceAddress
-from pretix.base.services.mail import mail, render_mail
-from pretix.helpers.format import format_map
+from pretix.base.services.mail import mail


@transmission_types.new()
@@ -134,9 +133,7 @@ class EmailTransmissionProvider(TransmissionProvider):
            subject = invoice.order.event.settings.get('mail_subject_order_invoice', as_type=LazyI18nString)

            # Do not set to completed because that is done by the email sending task
-            subject = format_map(subject, context)
-            email_content = render_mail(template, context)
-            mail(
+            outgoing_mail = mail(
                [recipient],
                subject,
                template,
@@ -151,19 +148,10 @@ class EmailTransmissionProvider(TransmissionProvider):
                plain_text_only=True,
                no_order_links=True,
            )
-            invoice.order.log_action(
-                'pretix.event.order.email.invoice',
-                user=None,
-                auth=None,
-                data={
-                    'subject': subject,
-                    'message': email_content,
-                    'position': None,
-                    'recipient': recipient,
-                    'invoices': [invoice.pk],
-                    'attach_tickets': False,
-                    'attach_ical': False,
-                    'attach_other_files': [],
-                    'attach_cached_files': [],
-                }
-            )
+            if outgoing_mail:
+                invoice.order.log_action(
+                    'pretix.event.order.email.invoice',
+                    user=None,
+                    auth=None,
+                    data=outgoing_mail.log_data()
+                )
@@ -148,6 +148,10 @@ class NumberedCanvas(Canvas):
        self.restoreState()


+class InvoiceNotReadyException(Exception):
+    pass
+
+
 class BaseInvoiceRenderer:
    """
    This is the base class for all invoice renderers.
@@ -204,6 +204,12 @@ class PeppolTransmissionType(TransmissionType):
        }
        return base | {"transmission_peppol_participant_id"}

+    def validate_invoice_address_data(self, address_data: dict):
+        # Special case Belgium: If a Belgian business ID is used as Peppol ID, it should match the VAT ID
+        if address_data.get("transmission_peppol_participant_id").startswith("0208:") and address_data.get("vat_id"):
+            if address_data["vat_id"].removeprefix("BE") != address_data["transmission_peppol_participant_id"].removeprefix("0208:"):
+                raise ValidationError({"transmission_peppol_participant_id": _("The Peppol participant ID does not match your VAT ID.")})
+
    def pdf_watermark(self) -> str:
        return pgettext("peppol_invoice", "Visual copy")

@@ -21,9 +21,10 @@
 #
 from typing import Optional

+from django.utils.translation import gettext_lazy as _
 from django_countries.fields import Country

-from pretix.base.models import Invoice, InvoiceAddress
+from pretix.base.models import Invoice
 from pretix.base.signals import EventPluginRegistry, Registry


@@ -88,7 +89,7 @@ class TransmissionType:
    def invoice_address_form_fields_visible(self, country: Country, is_business: bool) -> set:
        return set(self.invoice_address_form_fields.keys())

-    def validate_address(self, ia: InvoiceAddress):
+    def validate_invoice_address_data(self, address_data: dict):
        pass

    @property
@@ -106,6 +107,22 @@ class TransmissionType:
    def transmission_info_to_form_data(self, transmission_info: dict) -> dict:
        return transmission_info

+    def describe_info(self, transmission_info: dict, country: Country, is_business: bool):
+        form_data = self.transmission_info_to_form_data(transmission_info)
+        data = []
+        visible_field_keys = self.invoice_address_form_fields_visible(country, is_business)
+        for k, f in self.invoice_address_form_fields.items():
+            if k not in visible_field_keys:
+                continue
+            v = form_data.get(k)
+            if v is True:
+                v = _("Yes")
+            elif v is False:
+                v = _("No")
+            if v:
+                data.append((f.label, v))
+        return data
+
    def pdf_watermark(self) -> Optional[str]:
        """
        Return a watermark that should be rendered across the PDF file.
@@ -132,7 +132,7 @@ class AllowIgnoreQuotaColumn(BooleanColumnMixin, ImportColumn):

 class PriceModeColumn(ImportColumn):
    identifier = 'price_mode'
-    verbose_name = gettext_lazy('Price mode')
+    verbose_name = gettext_lazy('Price effect')
    default_value = None
    initial = 'static:none'

@@ -147,7 +147,7 @@ class PriceModeColumn(ImportColumn):
        elif value in reverse:
            return reverse[value]
        else:
-            raise ValidationError(_("Could not parse {value} as a price mode, use one of {options}.").format(
+            raise ValidationError(_("Could not parse {value} as a price effect, use one of {options}.").format(
                value=value, options=', '.join(d.keys())
            ))

@@ -162,7 +162,7 @@ class ValueColumn(DecimalColumnMixin, ImportColumn):
    def clean(self, value, previous_values):
        value = super().clean(value, previous_values)
        if value and previous_values.get("price_mode") == "none":
-            raise ValidationError(_("It is pointless to set a value without a price mode."))
+            raise ValidationError(_("It is pointless to set a value without a price effect."))
        return value

    def assign(self, value, obj: Voucher, **kwargs):
@@ -346,7 +346,8 @@ class User(AbstractBaseUser, PermissionsMixin, LoggingMixin):
            {
                'user': self,
                'messages': msg,
-                'url': build_absolute_uri('control:user.settings')
+                'url': build_absolute_uri('control:user.settings'),
+                'instance': settings.PRETIX_INSTANCE_NAME,
            },
            event=None,
            user=self,
@@ -391,6 +392,7 @@ class User(AbstractBaseUser, PermissionsMixin, LoggingMixin):
                'user': self,
                'reason': msg,
                'code': code,
+                'instance': settings.PRETIX_INSTANCE_NAME,
            },
            event=None,
            user=self,
@@ -430,6 +432,7 @@ class User(AbstractBaseUser, PermissionsMixin, LoggingMixin):
        mail(
            self.email, _('Password recovery'), 'pretixcontrol/email/forgot.txt',
            {
+                'instance': settings.PRETIX_INSTANCE_NAME,
                'user': self,
                'url': (build_absolute_uri('control:auth.forgot.recover')
                        + '?id=%d&token=%s' % (self.id, default_token_generator.make_token(self)))
@@ -130,6 +130,8 @@ class LoggingMixin:
            organizer_id = self.event.organizer_id
        elif hasattr(self, 'organizer_id'):
            organizer_id = self.organizer_id
+        elif hasattr(self, 'issuer_id'):
+            organizer_id = self.issuer_id

        if user and not user.is_authenticated:
            user = None
@@ -40,6 +40,7 @@ from i18nfield.fields import I18nCharField
 from phonenumber_field.modelfields import PhoneNumberField

 from pretix.base.banlist import banned
+from pretix.base.i18n import language
 from pretix.base.models.base import LoggedModel
 from pretix.base.models.fields import MultiStringField
 from pretix.base.models.giftcards import GiftCardTransaction
@@ -164,6 +165,28 @@ class Customer(LoggedModel):
        self.attendee_profiles.all().delete()
        self.invoice_addresses.all().delete()

+    def send_security_notice(self, message, email=None):
+        from pretix.base.services.mail import SendMailException, mail
+        from pretix.multidomain.urlreverse import build_absolute_uri
+
+        try:
+            with language(self.locale):
+                mail(
+                    email or self.email,
+                    self.organizer.settings.mail_subject_customer_security_notice,
+                    self.organizer.settings.mail_text_customer_security_notice,
+                    {
+                        **self.get_email_context(),
+                        'message': str(message),
+                        'url': build_absolute_uri(self.organizer, 'presale:organizer.customer.index')
+                    },
+                    customer=self,
+                    organizer=self.organizer,
+                    locale=self.locale
+                )
+        except SendMailException:
+            pass  # Already logged
+
    @scopes_disabled()
    def assign_identifier(self):
        charset = list('ABCDEFGHJKLMNPQRSTUVWXYZ23456789')
@@ -86,7 +86,7 @@ class OrderSyncQueue(models.Model):

    def set_sync_error(self, failure_mode, messages, full_message):
        logger.exception(
-            f"Could not sync order {self.order.code} to {type(self).__name__} ({failure_mode})"
+            f"Could not sync order {self.order.code} to {self.sync_provider} ({failure_mode})"
        )
        self.order.log_action(f"pretix.event.order.data_sync.failed.{failure_mode}", {
            "provider": self.sync_provider,
@@ -220,3 +220,20 @@ class OutgoingMail(models.Model):
            error_log_action_type = 'pretix.email.error'
            log_target = None
        return log_target, error_log_action_type
+
+    def log_data(self):
+        return {
+            "subject": self.subject,
+            "message": self.body_plain,
+            "to": self.to,
+            "cc": self.cc,
+            "bcc": self.bcc,
+
+            "invoices": [i.pk for i in self.should_attach_invoices.all()],
+            "attach_tickets": self.should_attach_tickets,
+            "attach_ical": self.should_attach_ical,
+            "attach_other_files": self.should_attach_other_files,
+            "attach_cached_files": [cf.filename for cf in self.should_attach_cached_files.all()],
+
+            "position": self.orderposition.positionid if self.orderposition else None,
+        }
@@ -87,7 +87,6 @@ from pretix.base.timemachine import time_machine_now

 from ...helpers import OF_SELF
 from ...helpers.countries import CachedCountries, FastCountryField
-from ...helpers.format import format_map
 from ...helpers.names import build_name
 from ...testutils.middleware import debugflags_var
 from ._transactions import (
@@ -1167,7 +1166,7 @@ class Order(LockModel, LoggedModel):
                         only be attached for this position and child positions, the link will only point to the
                         position and the attendee email will be used if available.
        """
-        from pretix.base.services.mail import mail, render_mail
+        from pretix.base.services.mail import mail

        if not self.email and not (position and position.attendee_email):
            return
@@ -1177,31 +1176,20 @@ class Order(LockModel, LoggedModel):
            if position and position.attendee_email:
                recipient = position.attendee_email

-            email_content = render_mail(template, context)
-            subject = format_map(subject, context)
-            mail(
+            outgoing_mail = mail(
                recipient, subject, template, context,
                self.event, self.locale, self, headers=headers, sender=sender,
                invoices=invoices, attach_tickets=attach_tickets,
                position=position, auto_email=auto_email, attach_ical=attach_ical,
                attach_other_files=attach_other_files, attach_cached_files=attach_cached_files,
            )
-            self.log_action(
-                log_entry_type,
-                user=user,
-                auth=auth,
-                data={
-                    'subject': subject,
-                    'message': email_content,
-                    'position': position.positionid if position else None,
-                    'recipient': recipient,
-                    'invoices': [i.pk for i in invoices] if invoices else [],
-                    'attach_tickets': attach_tickets,
-                    'attach_ical': attach_ical,
-                    'attach_other_files': attach_other_files,
-                    'attach_cached_files': [cf.filename for cf in attach_cached_files] if attach_cached_files else [],
-                }
-            )
+            if outgoing_mail:
+                self.log_action(
+                    log_entry_type,
+                    user=user,
+                    auth=auth,
+                    data=outgoing_mail.log_data(),
+                )

    def resend_link(self, user=None, auth=None):
        with language(self.locale, self.event.settings.region):
@@ -2899,16 +2887,14 @@ class OrderPosition(AbstractPosition):
        :param attach_tickets: Attach tickets of this order, if they are existing and ready to download
        :param attach_ical: Attach relevant ICS files
        """
-        from pretix.base.services.mail import mail, render_mail
+        from pretix.base.services.mail import mail

        if not self.attendee_email:
            return

        with language(self.order.locale, self.order.event.settings.region):
            recipient = self.attendee_email
-            email_content = render_mail(template, context)
-            subject = format_map(subject, context)
-            mail(
+            outgoing_mail = mail(
                recipient, subject, template, context,
                self.event, self.order.locale, order=self.order, headers=headers, sender=sender,
                position=self,
@@ -2917,21 +2903,13 @@ class OrderPosition(AbstractPosition):
                attach_ical=attach_ical,
                attach_other_files=attach_other_files,
            )
-            self.order.log_action(
-                log_entry_type,
-                user=user,
-                auth=auth,
-                data={
-                    'subject': subject,
-                    'message': email_content,
-                    'recipient': recipient,
-                    'invoices': [i.pk for i in invoices] if invoices else [],
-                    'attach_tickets': attach_tickets,
-                    'attach_ical': attach_ical,
-                    'attach_other_files': attach_other_files,
-                    'attach_cached_files': [],
-                }
-            )
+            if outgoing_mail:
+                self.order.log_action(
+                    log_entry_type,
+                    user=user,
+                    auth=auth,
+                    data=outgoing_mail.log_data(),
+                )

    def resend_link(self, user=None, auth=None):

@@ -3507,18 +3485,10 @@ class InvoiceAddress(models.Model):
    def describe_transmission(self):
        from pretix.base.invoicing.transmission import transmission_types
        data = []
-
        t, __ = transmission_types.get(identifier=self.transmission_type)
        data.append((_("Transmission type"), t.public_name))
-        form_data = t.transmission_info_to_form_data(self.transmission_info or {})
-        for k, f in t.invoice_address_form_fields.items():
-            v = form_data.get(k)
-            if v is True:
-                v = _("Yes")
-            elif v is False:
-                v = _("No")
-            if v:
-                data.append((f.label, v))
+        if self.transmission_info:
+            data += t.describe_info(self.transmission_info, self.country, self.is_business)
        return data


@@ -239,7 +239,7 @@ class Voucher(LoggedModel):
        )
    )
    price_mode = models.CharField(
-        verbose_name=_("Price mode"),
+        verbose_name=_("Price effect"),
        max_length=100,
        choices=PRICE_MODES,
        default='none'
@@ -34,10 +34,9 @@ from phonenumber_field.modelfields import PhoneNumberField
 from pretix.base.email import get_email_context
 from pretix.base.i18n import language
 from pretix.base.models import User, Voucher
-from pretix.base.services.mail import mail, render_mail
+from pretix.base.services.mail import mail
 from pretix.helpers import OF_SELF

-from ...helpers.format import format_map
 from ...helpers.names import build_name
 from .base import LoggedModel
 from .event import Event, SubEvent
@@ -181,10 +180,11 @@ class WaitingListEntry(LoggedModel):
                block_quota=True,
                item_id=self.item_id,
                subevent_id=self.subevent_id,
-                waitinglistentries__isnull=False
+                waitinglistentries__isnull=False,
+                seat__isnull=True
            ).aggregate(free=Sum(F('max_usages') - F('redeemed')))['free'] or 0
            free_seats = num_free_seats_for_product - num_valid_vouchers_for_product
-            if not free_seats:
+            if free_seats < 1:
                raise WaitingListException(_('No seat with this product is currently available.'))

        if '@' not in self.email:
@@ -272,9 +272,7 @@ class WaitingListEntry(LoggedModel):
        with language(self.locale, self.event.settings.region):
            recipient = self.email

-            email_content = render_mail(template, context)
-            subject = format_map(subject, context)
-            mail(
+            outgoing_mail = mail(
                recipient, subject, template, context,
                self.event,
                self.locale,
@@ -284,18 +282,13 @@ class WaitingListEntry(LoggedModel):
                attach_other_files=attach_other_files,
                attach_cached_files=attach_cached_files,
            )
-            self.log_action(
-                log_entry_type,
-                user=user,
-                auth=auth,
-                data={
-                    'subject': subject,
-                    'message': email_content,
-                    'recipient': recipient,
-                    'attach_other_files': attach_other_files,
-                    'attach_cached_files': [cf.filename for cf in attach_cached_files] if attach_cached_files else [],
-                }
-            )
+            if outgoing_mail:
+                self.log_action(
+                    log_entry_type,
+                    user=user,
+                    auth=auth,
+                    data=outgoing_mail.log_data(),
+                )

    @staticmethod
    def clean_itemvar(event, item, variation):
@@ -1295,6 +1295,7 @@ class ManualPayment(BasePaymentProvider):

    def format_map(self, order, payment):
        return {
+            # Possible placeholder injection, we should make sure to never include user-controlled variables here
            'order': order.code,
            'amount': payment.amount,
            'currency': self.event.currency,
@@ -1646,6 +1647,14 @@ class GiftCardPayment(BasePaymentProvider):
                    'transaction_id': trans.pk,
                }
                payment.confirm(send_mail=not is_early_special_case, generate_invoice=not is_early_special_case)
+                gc.log_action(
+                    action='pretix.giftcards.transaction.payment',
+                    data={
+                        'value': trans.value,
+                        'acceptor_id': self.event.organizer.id,
+                        'acceptor_slug': self.event.organizer.slug
+                    }
+                )
        except PaymentException as e:
            payment.fail(info={'error': str(e)})
            raise e
@@ -1670,6 +1679,15 @@ class GiftCardPayment(BasePaymentProvider):
            'transaction_id': trans.pk,
        }
        refund.done()
+        gc.log_action(
+            action='pretix.giftcards.transaction.refund',
+            data={
+                'value': refund.amount,
+                'acceptor_id': self.event.organizer.id,
+                'acceptor_slug': self.event.organizer.slug,
+                'text': refund.comment,
+            }
+        )


@receiver(register_payment_providers, dispatch_uid="payment_free")
@@ -65,7 +65,7 @@ def get_all_plugins(*, event=None, organizer=None) -> List[type]:
            if app.name in settings.PRETIX_PLUGINS_EXCLUDE:
                continue

-            level = getattr(app, "level", PLUGIN_LEVEL_EVENT)
+            level = getattr(meta, "level", PLUGIN_LEVEL_EVENT)
            if level == PLUGIN_LEVEL_EVENT:
                if event and hasattr(app, 'is_available'):
                    if not app.is_available(event):
@@ -45,7 +45,6 @@ from pretix.base.services.tax import split_fee_for_taxes
 from pretix.base.templatetags.money import money_filter
 from pretix.celery_app import app
 from pretix.helpers import OF_SELF
-from pretix.helpers.format import format_map

 logger = logging.getLogger(__name__)

@@ -55,7 +54,7 @@ def _send_wle_mail(wle: WaitingListEntry, subject: LazyI18nString, message: Lazy
        email_context = get_email_context(event_or_subevent=subevent or wle.event, event=wle.event)
        mail(
            wle.email,
-            format_map(subject, email_context),
+            str(subject),
            message,
            email_context,
            wle.event,
@@ -73,9 +72,8 @@ def _send_mail(order: Order, subject: LazyI18nString, message: LazyI18nString, s

        email_context = get_email_context(event_or_subevent=subevent or order.event, refund_amount=refund_amount,
                                          order=order, position_or_address=ia, event=order.event)
-        real_subject = format_map(subject, email_context)
        order.send_mail(
-            real_subject, message, email_context,
+            subject, message, email_context,
            'pretix.event.order.email.event_canceled',
            user,
        )
@@ -85,14 +83,13 @@ def _send_mail(order: Order, subject: LazyI18nString, message: LazyI18nString, s
                continue

            if p.addon_to_id is None and p.attendee_email and p.attendee_email != order.email:
-                real_subject = format_map(subject, email_context)
                email_context = get_email_context(event_or_subevent=p.subevent or order.event,
                                                  event=order.event,
                                                  refund_amount=refund_amount,
                                                  position_or_address=p,
                                                  order=order, position=p)
                order.send_mail(
-                    real_subject, message, email_context,
+                    subject, message, email_context,
                    'pretix.event.order.email.event_canceled',
                    position=p,
                    user=user
@@ -51,6 +51,7 @@ from django_scopes import scope, scopes_disabled
 from i18nfield.strings import LazyI18nString

 from pretix.base.i18n import language
+from pretix.base.invoicing.pdf import InvoiceNotReadyException
 from pretix.base.invoicing.transmission import (
    get_transmission_types, transmission_providers,
 )
@@ -504,7 +505,7 @@ def generate_invoice(order: Order, trigger_pdf=True):
    return invoice


-@app.task(base=TransactionAwareTask)
+@app.task(base=TransactionAwareTask, throws=(InvoiceNotReadyException,))
 def invoice_pdf_task(invoice: int):
    with scopes_disabled():
        i = Invoice.objects.get(pk=invoice)
@@ -81,7 +81,9 @@ from pretix.base.signals import (
 )
 from pretix.celery_app import app
 from pretix.helpers import OF_SELF
-from pretix.helpers.format import SafeFormatter, format_map
+from pretix.helpers.format import (
+    FormattedString, PlainHtmlAlternativeString, SafeFormatter, format_map,
+)
 from pretix.helpers.hierarkey import clean_filename
 from pretix.multidomain.urlreverse import build_absolute_uri
 from pretix.presale.ical import get_private_icals
@@ -147,13 +149,13 @@ def prefix_subject(settings_holder, subject, highlight=False):
    return subject


-def mail(email: Union[str, Sequence[str]], subject: str, template: Union[str, LazyI18nString],
+def mail(email: Union[str, Sequence[str]], subject: Union[str, FormattedString], template: Union[str, LazyI18nString],
         context: Dict[str, Any] = None, event: Event = None, locale: str = None, order: Order = None,
         position: OrderPosition = None, *, headers: dict = None, sender: str = None, organizer: Organizer = None,
         customer: Customer = None, invoices: Sequence = None, attach_tickets=False, auto_email=True, user=None,
         attach_ical=False, attach_cached_files: Sequence = None, attach_other_files: list=None,
         plain_text_only=False, no_order_links=False, cc: Sequence[str]=None, bcc: Sequence[str]=None,
-         sensitive: bool=False):
+         sensitive: bool=False) -> Optional[OutgoingMail]:
    """
    Sends out an email to a user. The mail will be sent synchronously or asynchronously depending on the installation.

@@ -218,6 +220,9 @@ def mail(email: Union[str, Sequence[str]], subject: str, template: Union[str, La
    if email == INVALID_ADDRESS:
        return

+    if isinstance(template, FormattedString):
+        raise TypeError("Cannot pass an already formatted body template")
+
    if no_order_links and not plain_text_only:
        raise ValueError('If you set no_order_links, you also need to set plain_text_only.')

@@ -251,23 +256,28 @@ def mail(email: Union[str, Sequence[str]], subject: str, template: Union[str, La
    if event and attach_tickets and not event.settings.mail_attach_tickets:
        attach_tickets = False

-    with language(locale):
+    with language(locale), override(timezone):
        if isinstance(context, dict) and order:
            _autoextend_context(context, order)

        # Build raw content
-        body_plain = render_mail(template, context, placeholder_mode=SafeFormatter.MODE_RICH_TO_PLAIN)
+        content_plain = render_mail(template, context, placeholder_mode=None)
        if settings_holder:
            signature = str(settings_holder.settings.get('mail_text_signature'))
        else:
            signature = ""

        # Build full plain-text body
+        if not isinstance(content_plain, FormattedString):
+            body_plain = format_map(content_plain, context, mode=SafeFormatter.MODE_RICH_TO_PLAIN)
+        else:
+            body_plain = content_plain
        body_plain = _wrap_plain_body(body_plain, signature, event, order, position, no_order_links)
-        body_plain = format_map(body_plain, context, mode=SafeFormatter.MODE_RICH_TO_PLAIN)

        # Build subject
-        subject = str(subject).format_map(TolerantDict(context))
+        if not isinstance(subject, FormattedString):
+            subject = format_map(subject, context)
+
        subject = raw_subject = subject.replace('\n', ' ').replace('\r', '')[:900]
        if settings_holder:
            subject = prefix_subject(settings_holder, subject)
@@ -286,26 +296,24 @@ def mail(email: Union[str, Sequence[str]], subject: str, template: Union[str, La
            else:
                renderer = ClassicMailRenderer(None, organizer)

-            with override(timezone):
-                content_plain = render_mail(template, context, placeholder_mode=None)
-                try:
-                    if 'context' in inspect.signature(renderer.render).parameters:
-                        body_html = renderer.render(content_plain, signature, raw_subject, order, position, context)
-                    elif 'position' in inspect.signature(renderer.render).parameters:
-                        # Backwards compatibility
-                        warnings.warn('Email renderer called without context argument because context argument is not '
-                                      'supported.',
-                                      DeprecationWarning)
-                        body_html = renderer.render(content_plain, signature, raw_subject, order, position)
-                    else:
-                        # Backwards compatibility
-                        warnings.warn('Email renderer called without position argument because position argument is not '
-                                      'supported.',
-                                      DeprecationWarning)
-                        body_html = renderer.render(content_plain, signature, raw_subject, order)
-                except:
-                    logger.exception('Could not render HTML body')
-                    body_html = None
+            try:
+                if 'context' in inspect.signature(renderer.render).parameters:
+                    body_html = renderer.render(content_plain, signature, raw_subject, order, position, context)
+                elif 'position' in inspect.signature(renderer.render).parameters:
+                    # Backwards compatibility
+                    warnings.warn('Email renderer called without context argument because context argument is not '
+                                  'supported.',
+                                  DeprecationWarning)
+                    body_html = renderer.render(content_plain, signature, raw_subject, order, position)
+                else:
+                    # Backwards compatibility
+                    warnings.warn('Email renderer called without position argument because position argument is not '
+                                  'supported.',
+                                  DeprecationWarning)
+                    body_html = renderer.render(content_plain, signature, raw_subject, order)
+            except:
+                logger.exception('Could not render HTML body')
+                body_html = None

        m = OutgoingMail.objects.create(
            organizer=organizer,
@@ -327,14 +335,26 @@ def mail(email: Union[str, Sequence[str]], subject: str, template: Union[str, La
            should_attach_other_files=attach_other_files or [],
            sensitive=sensitive,
        )
+        m._prefetched_objects_cache = {}
        if invoices and not position:
            m.should_attach_invoices.add(*invoices)
+            # Hack: For logging, we'll later make a `should_attach_invoices.all()` call. We can prevent a useless
+            # DB query by filling the cache
+            m._prefetched_objects_cache[m.should_attach_invoices.prefetch_cache_name] = invoices
+        else:
+            m._prefetched_objects_cache[m.should_attach_invoices.prefetch_cache_name] = Invoice.objects.none()
        if attach_cached_files:
+            cf_list = []
            for cf in attach_cached_files:
                if not isinstance(cf, CachedFile):
-                    m.should_attach_cached_files.add(CachedFile.objects.get(pk=cf))
-                else:
-                    m.should_attach_cached_files.add(cf)
+                    cf = CachedFile.objects.get(pk=cf)
+                m.should_attach_cached_files.add(cf)
+                cf_list.append(cf)
+            # Hack: For logging, we'll later make a `should_attach_cached_files.all()` call. We can prevent a useless
+            # DB query by filling the cache
+            m._prefetched_objects_cache[m.should_attach_cached_files.prefetch_cache_name] = cf_list
+        else:
+            m._prefetched_objects_cache[m.should_attach_cached_files.prefetch_cache_name] = CachedFile.objects.none()

        send_task = mail_send_task.si(
            outgoing_mail=m.id
@@ -356,6 +376,8 @@ def mail(email: Union[str, Sequence[str]], subject: str, template: Union[str, La
                lambda: chain(*task_chain).apply_async()
            )

+    return m
+

 class CustomEmail(EmailMultiAlternatives):
    def _create_mime_attachment(self, content, mimetype):
@@ -381,7 +403,7 @@ def mail_send_task(self, **kwargs) -> bool:
        # mail_send_task(self, *, outgoing_mail)
        with scopes_disabled():
            mail_send(**kwargs)
-        return
+        return False
    else:
        raise ValueError("Unknown arguments")

@@ -401,6 +423,18 @@ def mail_send_task(self, **kwargs) -> bool:
        outgoing_mail.inflight_since = now()
        outgoing_mail.save(update_fields=["status", "inflight_since"])

+    # Performance optimization, saves database queries later on if we resolve the known relationships
+    if outgoing_mail.event_id:
+        assert outgoing_mail.event.organizer_id == outgoing_mail.organizer.pk
+        outgoing_mail.event.organizer = outgoing_mail.organizer
+    if outgoing_mail.order_id:
+        assert outgoing_mail.order.event_id == outgoing_mail.event_id
+        outgoing_mail.order.event = outgoing_mail.event
+        outgoing_mail.order.organizer = outgoing_mail.organizer
+    if outgoing_mail.orderposition_id:
+        assert outgoing_mail.orderposition.order_id == outgoing_mail.order_id
+        outgoing_mail.orderposition.order = outgoing_mail.order
+
    headers = dict(outgoing_mail.headers)
    headers.setdefault('X-PX-Correlation', str(outgoing_mail.guid))
    email = CustomEmail(
@@ -435,15 +469,24 @@ def mail_send_task(self, **kwargs) -> bool:
                        content = ct.file.read()
                        args.append((name, content, ct.type))
                        attach_size += len(content)
-                    except Exception:
+                    except Exception as e:
                        # This sometimes fails e.g. with FileNotFoundError. We haven't been able to figure out
                        # why (probably some race condition with ticket cache invalidation?), so retry later.
                        try:
-                            self.retry(max_retries=5, countdown=60)
+                            logger.exception(f'Could not attach tickets to email {outgoing_mail.guid}, will retry')
+                            retry_after = 60
+                            outgoing_mail.error = "Tickets not ready"
+                            outgoing_mail.error_detail = str(e)
+                            outgoing_mail.sent = now()
+                            outgoing_mail.status = OutgoingMail.STATUS_AWAITING_RETRY
+                            outgoing_mail.retry_after = now() + timedelta(seconds=retry_after)
+                            outgoing_mail.save(update_fields=["status", "error", "error_detail", "sent", "retry_after",
+                                                              "actual_attachments"])
+                            self.retry(max_retries=5, countdown=retry_after)
                        except MaxRetriesExceededError:
                            # Well then, something is really wrong, let's send it without attachment before we
                            # don't send at all
-                            logger.exception(f'Could not attach tickets to email {outgoing_mail.guid}')
+                            logger.exception(f'Too many retries attaching tickets to email {outgoing_mail.guid}, skip attachment')
                            pass

                if attach_size * 1.37 < settings.FILE_UPLOAD_MAX_SIZE_EMAIL_ATTACHMENT - 1024 * 1024:
@@ -519,6 +562,7 @@ def mail_send_task(self, **kwargs) -> bool:
                            )
                        except InvoiceAddress.DoesNotExist:
                            pass
+                        expected_recipients = {e.lower() for e in expected_recipients if e}
                        if any(t in expected_recipients for t in outgoing_mail.to):
                            invoices_to_mark_transmitted.append(inv)

@@ -789,7 +833,12 @@ def render_mail(template, context, placeholder_mode: Optional[int]=SafeFormatter
            body = format_map(body, context, mode=placeholder_mode)
    else:
        tpl = get_template(template)
-        body = tpl.render(context)
+        context = {
+            # Known bug, should behave differently for plain and HTML but we'll fix after security release
+            k: v.html if isinstance(v, PlainHtmlAlternativeString) else v
+            for k, v in context.items()
+        }
+        body = FormattedString(tpl.render(context))
    return body


@@ -935,7 +984,7 @@ def _wrap_plain_body(content_plain, signature, event, order, position, no_order_
    body_plain += "\r\n\r\n-- \r\n"

    if signature:
-        signature = signature.format(event=event.name if event else '')
+        signature = format_map(signature, {"event": event.name if event else ''})
        body_plain += signature
        body_plain += "\r\n\r\n-- \r\n"

@@ -947,7 +996,7 @@ def _wrap_plain_body(content_plain, signature, event, order, position, no_order_
        body_plain += _(
            "You can view your order details at the following URL:\n{orderurl}."
        ).replace("\n", "\r\n").format(
-            event=event.name, orderurl=build_absolute_uri(
+            orderurl=build_absolute_uri(
                order.event, 'presale:event.order.position', kwargs={
                    'order': order.code,
                    'secret': position.web_secret,
@@ -247,6 +247,16 @@ def reactivate_order(order: Order, force: bool=False, user: User=None, auth=None
                for gc in position.issued_gift_cards.all():
                    gc = GiftCard.objects.select_for_update(of=OF_SELF).get(pk=gc.pk)
                    gc.transactions.create(value=position.price, order=order, acceptor=order.event.organizer)
+                    gc.log_action(
+                        action='pretix.giftcards.transaction.manual',
+                        user=user,
+                        auth=auth,
+                        data={
+                            'value': position.price,
+                            'acceptor_id': order.event.organizer.id,
+                            'acceptor_slug': order.event.organizer.slug
+                        }
+                    )
                    break

                for m in position.granted_memberships.all():
@@ -548,6 +558,15 @@ def _cancel_order(order, user=None, send_mail: bool=True, api_token=None, device
                    )
                else:
                    gc.transactions.create(value=-position.price, order=order, acceptor=order.event.organizer)
+                    gc.log_action(
+                        action='pretix.giftcards.transaction.manual',
+                        user=user,
+                        data={
+                            'value': -position.price,
+                            'acceptor_id': order.event.organizer.id,
+                            'acceptor_slug': order.event.organizer.slug
+                        }
+                    )

            for m in position.granted_memberships.all():
                m.canceled = True
@@ -1780,8 +1799,6 @@ class OrderChangeManager:
            tax_rule = tax_rules.get(pos.pk, pos.tax_rule)
            if not tax_rule:
                continue
-            if not pos.price:
-                continue

            try:
                new_rate = tax_rule.tax_rate_for(ia)
@@ -1798,7 +1815,9 @@ class OrderChangeManager:
                                           override_tax_rate=new_rate, override_tax_code=new_code)
                self._totaldiff_guesstimate += new_tax.gross - pos.price
                self._operations.append(self.PriceOperation(pos, new_tax, new_tax.gross - pos.price))
-                self._invoice_dirty = True
+                if pos.price:
+                    # We do not consider the invoice dirty if only 0€-valued taxes are changed
+                    self._invoice_dirty = True

    def cancel_fee(self, fee: OrderFee):
        self._totaldiff_guesstimate -= fee.value
@@ -2434,6 +2453,16 @@ class OrderChangeManager:
                        ))
                    else:
                        gc.transactions.create(value=-position.price, order=self.order, acceptor=self.order.event.organizer)
+                        gc.log_action(
+                            action='pretix.giftcards.transaction.manual',
+                            user=self.user,
+                            auth=self.auth,
+                            data={
+                                'value': -position.price,
+                                'acceptor_id': self.order.event.organizer.id,
+                                'acceptor_slug': self.order.event.organizer.slug
+                            }
+                        )

                for m in position.granted_memberships.with_usages().all():
                    m.canceled = True
@@ -2451,6 +2480,16 @@ class OrderChangeManager:
                            ))
                        else:
                            gc.transactions.create(value=-opa.position.price, order=self.order, acceptor=self.order.event.organizer)
+                            gc.log_action(
+                                action='pretix.giftcards.transaction.manual',
+                                user=self.user,
+                                auth=self.auth,
+                                data={
+                                    'value': -opa.position.price,
+                                    'acceptor_id': self.order.event.organizer.id,
+                                    'acceptor_slug': self.order.event.organizer.slug
+                                }
+                            )

                    for m in opa.granted_memberships.with_usages().all():
                        m.canceled = True
@@ -3119,7 +3158,10 @@ def _try_auto_refund(order, auto_refund=True, manual_refund=False, allow_partial
                customer=order.customer,
                testmode=order.testmode
            )
-            giftcard.log_action('pretix.giftcards.created', data={})
+            giftcard.log_action(
+                action='pretix.giftcards.created',
+                data={}
+            )
            r = order.refunds.create(
                order=order,
                payment=None,
@@ -3406,7 +3448,18 @@ def signal_listener_issue_giftcards(sender: Event, order: Order, **kwargs):
                    currency=sender.currency, issued_in=p, testmode=order.testmode,
                    expires=sender.organizer.default_gift_card_expiry,
                )
-                gc.transactions.create(value=p.price - issued, order=order, acceptor=sender.organizer)
+                gc.log_action(
+                    action='pretix.giftcards.created',
+                )
+                trans = gc.transactions.create(value=p.price - issued, order=order, acceptor=sender.organizer)
+                gc.log_action(
+                    action='pretix.giftcards.transaction.manual',
+                    data={
+                        'value': trans.value,
+                        'acceptor_id': order.event.organizer.id,
+                        'acceptor_slug': order.event.organizer.slug
+                    }
+                )
                any_giftcards = True
                p.secret = gc.secret
                p.save(update_fields=['secret'])
@@ -24,6 +24,7 @@ import logging
 from datetime import timedelta
 from decimal import Decimal

+from django.db.models import Prefetch, prefetch_related_objects
 from django.dispatch import receiver
 from django.utils.formats import date_format
 from django.utils.html import escape, mark_safe
@@ -35,6 +36,7 @@ from pretix.base.forms.widgets import format_placeholders_help_text
 from pretix.base.i18n import (
    LazyCurrencyNumber, LazyDate, LazyExpiresDate, LazyNumber,
 )
+from pretix.base.models import EventMetaValue
 from pretix.base.reldate import RelativeDateWrapper
 from pretix.base.settings import PERSON_NAME_SCHEMES, get_name_parts_localized
 from pretix.base.signals import (
@@ -752,6 +754,11 @@ def base_placeholders(sender, **kwargs):
            name_scheme['sample'][f]
        ))

+    prefetch_related_objects(
+        [sender],
+        Prefetch('meta_values', queryset=EventMetaValue.objects.select_related("property"), to_attr="meta_values_cached")
+    )
+    prefetch_related_objects([sender.organizer], Prefetch('meta_properties'))
    for k, v in sender.meta_data.items():
        ph.append(MarkdownTextPlaceholder(
            'meta_%s' % k, ['event'], lambda event, k=k: event.meta_data[k],
@@ -176,6 +176,7 @@ def shred(self, event: Event, fileid: str, confirm_code: str, user: int=None, lo
                _('Data shredding completed'),
                'pretixbase/email/shred_completed.txt',
                {
+                    'instance': settings.PRETIX_INSTANCE_NAME,
                    'user': user,
                    'organizer': event.organizer.name,
                    'event': str(event.name),
@@ -39,7 +39,7 @@ def vouchers_send(event: Event, vouchers: list, subject: str, message: str, reci
        with language(event.settings.locale):
            email_context = get_email_context(event=event, name=r.get('name') or '',
                                              voucher_list=[v.code for v in voucher_list])
-            mail(
+            outgoing_mail = mail(
                r['email'],
                subject,
                LazyI18nString(message),
@@ -60,8 +60,8 @@ def vouchers_send(event: Event, vouchers: list, subject: str, message: str, reci
                    data={
                        'recipient': r['email'],
                        'name': r.get('name'),
-                        'subject': subject,
-                        'message': message,
+                        'subject': outgoing_mail.subject,
+                        'message': outgoing_mail.body_plain,
                    },
                    save=False
                ))
@@ -2948,6 +2948,28 @@ If you did not request a new password, please ignore this email.

 Best regards,  

+Your {organizer} team"""))  # noqa: W291
+    },
+    'mail_subject_customer_security_notice': {
+        'type': LazyI18nString,
+        'default': LazyI18nString.from_gettext(gettext_noop("Changes to your account at {organizer}")),
+    },
+    'mail_text_customer_security_notice': {
+        'type': LazyI18nString,
+        'default': LazyI18nString.from_gettext(gettext_noop("""Hello {name},
+
+the following change has been made to your account at {organizer}:
+
+{message}
+
+You can review and change your account settings here:
+
+{url}
+
+If this change was not performed by you, please contact us immediately.
+
+Best regards,  
+
 Your {organizer} team"""))  # noqa: W291
    },
    'smtp_use_custom': {
@@ -363,7 +363,7 @@ class EmailAddressShredder(BaseDataShredder):
                    le.save(update_fields=['data', 'shredded'])
            else:
                shred_log_fields(le, banlist=[
-                    'recipient', 'message', 'subject', 'full_mail', 'old_email', 'new_email'
+                    'recipient', 'message', 'subject', 'full_mail', 'old_email', 'new_email', 'bcc', 'cc',
                ])


@@ -8,9 +8,6 @@
        <h1>{% trans "Not found" %}</h1>
        <p>{% trans "I'm afraid we could not find the the resource you requested." %}</p>
        <p>{{ exception }}</p>
-        <p class="links">
-            <a id='goback' href='#'>{% trans "Take a step back" %}</a>
-        </p>
        {% if request.user.is_staff and not staff_session %}
            <form action="{% url 'control:user.sudo' %}?next={{ request.path|add:"?"|add:request.GET.urlencode|urlencode }}" method="post">
                <p>
@@ -12,6 +12,9 @@
    <meta charset="utf-8">
    <link rel="icon" href="{% static "pretixbase/img/favicon.ico" %}">
    {% block custom_header %}{% endblock %}
+    {% if css_theme %}
+        <link rel="stylesheet" type="text/css" href="{{ css_theme }}" />
+    {% endif %}
 </head>
 <body>
 <div class="container">
@@ -13,5 +13,5 @@ Start time: {{ start_time }} (new data added after this time might not have been

 Best regards,

-Your pretix team
+Your {{ instance }} team
 {% endblocktrans %}
@@ -0,0 +1,34 @@
+#
+# This file is part of pretix (Community Edition).
+#
+# Copyright (C) 2014-2020  Raphael Michel and contributors
+# Copyright (C) 2020-today pretix GmbH and contributors
+#
+# This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General
+# Public License as published by the Free Software Foundation in version 3 of the License.
+#
+# ADDITIONAL TERMS APPLY: Pursuant to Section 7 of the GNU Affero General Public License, additional terms are
+# applicable granting you additional permissions and placing additional restrictions on your usage of this software.
+# Please refer to the pretix LICENSE file to obtain the full terms applicable to this work. If you did not receive
+# this file, see <https://pretix.eu/about/en/license>.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
+# details.
+#
+# You should have received a copy of the GNU Affero General Public License along with this program.  If not, see
+# <https://www.gnu.org/licenses/>.
+#
+from django import template
+from django.utils.html import mark_safe
+
+register = template.Library()
+
+
+@register.filter("anon_email")
+def anon_email(value):
+    """Replaces @ with [at] and . with [dot] for anonymization."""
+    if not isinstance(value, str):
+        return value
+    value = value.replace("@", "[at]").replace(".", "[dot]")
+    return mark_safe(''.join(['&#{0};'.format(ord(char)) for char in value]))
@@ -423,7 +423,7 @@ def resolve_timeframe_to_dates_inclusive(ref_dt, frame, timezone) -> Tuple[Optio
    raise ValueError(f"Invalid timeframe '{frame}'")


-def resolve_timeframe_to_datetime_start_inclusive_end_exclusive(ref_dt, frame, timezone) -> Tuple[Optional[date], Optional[date]]:
+def resolve_timeframe_to_datetime_start_inclusive_end_exclusive(ref_dt, frame, timezone) -> Tuple[Optional[datetime], Optional[datetime]]:
    """
    Given a serialized timeframe, evaluate it relative to `ref_dt` and return a tuple of datetimes
    where the first element ist the first possible datetime within the timeframe and the second
@@ -95,6 +95,7 @@ class OrganizerSlugBanlistValidator(BanlistValidator):
        'csp_report',
        'widget',
        'lead',
+        'scheduling',
    ]


@@ -20,6 +20,7 @@
 # <https://www.gnu.org/licenses/>.
 #
 import pycountry
+from django.conf import settings
 from django.http import JsonResponse
 from django.shortcuts import get_object_or_404
 from django.utils.translation import gettext, pgettext, pgettext_lazy
@@ -29,6 +30,7 @@ from django_scopes import scope
 from pretix.base.addressvalidation import (
    COUNTRIES_WITH_STREET_ZIPCODE_AND_CITY_REQUIRED,
 )
+from pretix.base.i18n import language
 from pretix.base.invoicing.transmission import get_transmission_types
 from pretix.base.models import Organizer
 from pretix.base.models.tax import VAT_ID_COUNTRIES
@@ -89,7 +91,7 @@ def _info(cc):
    }


-def address_form(request):
+def _address_form(request):
    cc = request.GET.get("country", "DE")
    info = _info(cc)

@@ -157,4 +159,15 @@ def address_form(request):
                # The help text explains that it is optional, so we want to hide that if it is required
                info["vat_id"]["helptext_visible"] = False

+    return info
+
+
+def address_form(request):
+    locale = request.GET.get('locale')
+    if locale in dict(settings.LANGUAGES):
+        with language(locale):
+            info = _address_form(request)
+    else:
+        info = _address_form(request)
+
    return JsonResponse(info)
@@ -2820,8 +2820,8 @@ class DeviceFilterForm(FilterForm):

 class OutgoingMailFilterForm(FilterForm):
    orders = {
-        'date': 'd',
-        '-date': '-d',
+        'date': 'created',
+        '-date': '-created',
    }
    query = forms.CharField(
        label=_('Search email address or subject'),
@@ -635,6 +635,16 @@ class MailSettingsForm(SettingsForm):
        required=False,
        widget=I18nMarkdownTextarea,
    )
+    mail_subject_customer_security_notice = I18nFormField(
+        label=_("Subject"),
+        required=False,
+        widget=I18nTextInput,
+    )
+    mail_text_customer_security_notice = I18nFormField(
+        label=_("Text"),
+        required=False,
+        widget=I18nMarkdownTextarea,
+    )

    base_context = {
        'mail_text_customer_registration': ['customer', 'url'],
@@ -643,6 +653,8 @@ class MailSettingsForm(SettingsForm):
        'mail_subject_customer_email_change': ['customer', 'url'],
        'mail_text_customer_reset': ['customer', 'url'],
        'mail_subject_customer_reset': ['customer', 'url'],
+        'mail_text_customer_security_notice': ['customer', 'url', 'message'],
+        'mail_subject_customer_security_notice': ['customer', 'url', 'message'],
    }

    def _get_sample_context(self, base_parameters):
@@ -656,6 +668,9 @@ class MailSettingsForm(SettingsForm):
                'presale:organizer.customer.activate'
            ) + '?token=' + get_random_string(30)

+        if 'message' in base_parameters:
+            placeholders['message'] = _('Your password has been changed.')
+
        if 'customer' in base_parameters:
            placeholders['name'] = pgettext_lazy('person_name_sample', 'John Doe')
            name_scheme = PERSON_NAME_SCHEMES[self.organizer.settings.name_scheme]
@@ -19,17 +19,44 @@
 # You should have received a copy of the GNU Affero General Public License along with this program.  If not, see
 # <https://www.gnu.org/licenses/>.
 #
+from django import forms
 from django.urls import reverse
+from django.utils.translation import gettext_lazy as _
 from django_scopes.forms import SafeModelChoiceField
+from phonenumber_field.formfields import PhoneNumberField

 from pretix.base.forms import I18nModelForm
+from pretix.base.forms.questions import (
+    NamePartsFormField, WrappedPhoneNumberPrefixWidget,
+)
 from pretix.base.models import WaitingListEntry
 from pretix.control.forms.widgets import Select2


-class WaitingListEntryTransferForm(I18nModelForm):
+class WaitingListEntryEditForm(I18nModelForm):
+    itemvar = forms.ChoiceField(
+        error_messages={
+            'invalid_choice': _("Select a valid choice.")
+        }
+    )

    def __init__(self, *args, **kwargs):
+        self.instance = kwargs.get('instance', None)
+        initial = kwargs.get('initial', {})
+
+        choices = []
+        if self.instance and self.instance.pk and 'itemvar' not in initial:
+            if self.instance.variation is not None:
+                initial['itemvar'] = f'{self.instance.item.pk}-{self.instance.variation.pk}'
+                if self.instance.variation.active is False:
+                    choices.append((initial['itemvar'], str(self.instance.variation)))
+            else:
+                initial['itemvar'] = self.instance.item.pk
+                if self.instance.item.active is False:
+                    choices.append((initial['itemvar'], str(self.instance)))
+
+        kwargs['initial'] = initial
+
        super().__init__(*args, **kwargs)

        if self.event.has_subevents:
@@ -45,12 +72,73 @@ class WaitingListEntryTransferForm(I18nModelForm):
                }
            )
            self.fields['subevent'].widget.choices = self.fields['subevent'].choices
+        else:
+            del self.fields['subevent']
+
+        if self.event.settings.waiting_list_names_asked:
+            self.fields['name_parts'] = NamePartsFormField(
+                max_length=255,
+                required=self.event.settings.waiting_list_names_required,
+                scheme=self.event.organizer.settings.name_scheme,
+                titles=self.event.organizer.settings.name_scheme_titles,
+                label=_('Name'),
+            )
+        else:
+            del self.fields['name_parts']
+
+        if not self.event.settings.waiting_list_phones_asked:
+            del self.fields['phone']
+
+        items = self.event.items.filter(active=True).prefetch_related(
+            'variations'
+        )
+
+        for item in items:
+            if len(item.variations.all()) > 0:
+                for variation in item.variations.all():
+                    if variation.active:
+                        choices.append(
+                            ('{}-{}'.format(item.pk, variation.pk), '{} - {}'.format(str(item), str(variation)))
+                        )
+            else:
+                choices.append(('{}'.format(item.pk), str(item)))
+
+        self.fields['itemvar'].label = _("Product")
+        self.fields['itemvar'].help_text = _("Only includes active products.")
+        self.fields['itemvar'].required = True
+        self.fields['itemvar'].choices = choices
+
+    def clean(self):
+        cleaned_data = super().clean()
+
+        if self.instance.voucher is not None:
+            raise forms.ValidationError(_('A voucher for this waiting list entry was already sent out.'))
+
+        itemvar = cleaned_data.get('itemvar')
+        if itemvar:
+            self.instance.item = self.event.items.get(pk=itemvar.split('-')[0])
+            if '-' in itemvar:
+                self.instance.variation = self.instance.item.variations.get(pk=itemvar.split('-')[1])
+
+        if ((self.instance.item and not self.instance.item.active) or
+                (self.instance.variation and not self.instance.variation.active)):
+            self.add_error('itemvar', _('The selected product is not active.'))
+
+        return cleaned_data

    class Meta:
        model = WaitingListEntry
        fields = [
+            'email',
+            'name_parts',
+            'phone',
            'subevent',
        ]
        field_classes = {
            'subevent': SafeModelChoiceField,
+            'email': forms.EmailField,
+            'phone': PhoneNumberField,
+        }
+        widgets = {
+            'phone': WrappedPhoneNumberPrefixWidget,
        }
@@ -518,6 +518,7 @@ def pretixcontrol_orderposition_blocked_display(sender: Event, orderposition, bl
        'The order requires approval before it can continue to be processed.'),
    'pretix.event.order.approved': _('The order has been approved.'),
    'pretix.event.order.denied': _('The order has been denied (comment: "{comment}").'),
+    'pretix.event.order.vatid.validated': _('The customer VAT ID has been verified.'),
    'pretix.event.order.contact.changed': _('The email address has been changed from "{old_email}" '
                                            'to "{new_email}".'),
    'pretix.event.order.contact.confirmed': _(
@@ -801,6 +802,8 @@ class CoreUserImpersonatedLogEntryType(UserImpersonatedLogEntryType):
    'pretix.giftcards.created': _('The gift card has been created.'),
    'pretix.giftcards.modified': _('The gift card has been changed.'),
    'pretix.giftcards.transaction.manual': _('A manual transaction has been performed.'),
+    'pretix.giftcards.transaction.payment': _('A payment has been performed.'),
+    'pretix.giftcards.transaction.refund': _('A refund has been performed. '),
    'pretix.team.token.created': _('The token "{name}" has been created.'),
    'pretix.team.token.deleted': _('The token "{name}" has been revoked.'),
    'pretix.event.checkin.reset': _('The check-in and print log state has been reset.')
@@ -19,6 +19,14 @@
            </ul>
            <br>
        {% endif %}
+        {% if possible_cookie_problem %}
+            <div class="alert alert-warning">
+                {% blocktrans trimmed %}
+                    It looks like your browser is not accepting our cookie and you need to log in repeatedly. Please
+                    check if your browser is set to block cookies, or delete all existing cookies and retry.
+                {% endblocktrans %}
+            </div>
+        {% endif %}
        {% csrf_token %}
        {% bootstrap_form form %}
        <div class="form-group buttons">
@@ -9,5 +9,5 @@ Please do never give this code to another person. Our support team will never as
 If this code was not requested by you, please contact us immediately.

 Best regards,
-Your pretix team
+Your {{ instance }} team
 {% endblocktrans %}
@@ -5,5 +5,5 @@ you requested a new password. Please go to the following page to reset your pass
 {{ url }}

 Best regards,  
-Your pretix team
-{% endblocktrans %}
+Your {{ instance }} team
+{% endblocktrans %}
@@ -1,6 +1,6 @@
 {% load i18n %}{% blocktrans with url=url|safe %}Hello,

-you have been invited to a team on pretix, a platform to perform event
+you have been invited to a team on {{ instance }}, a platform to perform event
 ticket sales.

 Organizer: {{ organizer }}
@@ -13,5 +13,5 @@ If you do not want to join, you can safely ignore or delete this email.

 Best regards,  

-Your pretix team
+Your {{ instance }} team
 {% endblocktrans %}
@@ -1,6 +1,6 @@
 {% load i18n %}{% blocktrans with url=url|safe messages=messages|safe %}Hello,

-this is to inform you that the account information of your pretix account has been
+this is to inform you that the account information of your {{ instance }} account has been
 changed. In particular, the following changes have been performed:

 {{ messages }}
@@ -12,5 +12,5 @@ You can review and change your account settings here:
 {{ url }}

 Best regards,  
-Your pretix team
+Your {{ instance }} team
 {% endblocktrans %}
@@ -2,6 +2,7 @@
 {% load i18n %}
 {% load urlreplace %}
 {% load bootstrap3 %}
+{% load static %}
 {% block title %}{% trans "Events" %}{% endblock %}
 {% block content %}
    <h1>{% trans "Events" %}</h1>
@@ -74,6 +75,7 @@
                        <a href="?{% url_replace request 'ordering' 'organizer' %}"><i class="fa fa-caret-up"></i></a>
                    </th>
                {% endif %}
+                <th>{% trans "Sales channels" %}</th>
                <th>
                    {% trans "Start date" %}
                    <a href="?{% url_replace request 'ordering' '-date_from' %}"><i class="fa fa-caret-down"></i></a>
@@ -108,6 +110,21 @@
                        {% endfor %}
                    </td>
                    {% if not hide_orga %}<td>{{ e.organizer }}</td>{% endif %}
+                    <td>
+                        {% for c in e.organizer.sales_channels.all %}
+                            {% if e.all_sales_channels or c in e.limit_sales_channels.all %}
+                                {% if "." in c.icon %}
+                                    <img src="{% static c.icon %}" class="fa-like-image"
+                                         data-toggle="tooltip" title="{{ c.label }}">
+                                {% else %}
+                                    <span class="fa fa-fw fa-{{ c.icon }} text-muted"
+                                          data-toggle="tooltip" title="{{ c.label }}"></span>
+                                {% endif %}
+                            {% else %}
+                                <span class="fa fa-fw"></span>
+                            {% endif %}
+                        {% endfor %}
+                    </td>
                    <td class="event-date-col">
                        {% if e.has_subevents %}
                            <span class="fa fa-fw- fa-calendar"></span>
@@ -24,7 +24,9 @@
                        {% if log.display %}
                            <br/><span class="fa fa-fw fa-comment-o"></span> {{ log.display }}
                        {% endif %}
-                        {% if log.parsed_data.recipient %}
+                        {% if log.parsed_data.to %}
+                            <br/><span class="fa fa-fw fa-envelope-o"></span> {{ log.parsed_data.to|join:", " }}
+                        {% elif log.parsed_data.recipient %} {# legacy #}
                            <br/><span class="fa fa-fw fa-envelope-o"></span> {{ log.parsed_data.recipient }}
                        {% endif %}
                    </p>
@@ -1,6 +1,7 @@
 {% extends "pretixcontrol/organizers/base.html" %}
 {% load i18n %}
 {% load bootstrap3 %}
+{% load static %}
 {% block inner %}
    <h1>
        {% blocktrans with name=request.organizer.name %}Organizer: {{ name }}{% endblocktrans %}
@@ -62,6 +63,7 @@
            <thead>
            <tr>
                <th>{% trans "Event name" %}</th>
+                <th>{% trans "Sales channels" %}</th>
                <th>
                    {% trans "Start date" %}
                    /
@@ -77,10 +79,30 @@
                    <td>
                        <strong><a
                                href="{% url "control:event.index" organizer=e.organizer.slug event=e.slug %}">{{ e.name }}</a></strong>
-                        <br><small>{{ e.slug }}</small>
-                        {% for k, v in e.meta_data.items %}
-                            {% if v %}
-                                <small class="text-muted">&middot; {{ k }}: {{ v }}</small>
+                        <br>
+                        <small>
+                            {{ e.slug }}
+                        </small>
+                        <small class="text-muted">
+                            {% for k, v in e.meta_data.items %}
+                                {% if v %}
+                                    &middot; {{ k }}: {{ v }}
+                                {% endif %}
+                            {% endfor %}
+                        </small>
+                    </td>
+                    <td>
+                        {% for c in sales_channels %}
+                            {% if e.all_sales_channels or c in e.limit_sales_channels.all %}
+                                {% if "." in c.icon %}
+                                    <img src="{% static c.icon %}" class="fa-like-image"
+                                         data-toggle="tooltip" title="{{ c.label }}">
+                                {% else %}
+                                    <span class="fa fa-fw fa-{{ c.icon }} text-muted"
+                                          data-toggle="tooltip" title="{{ c.label }}"></span>
+                                {% endif %}
+                            {% else %}
+                                <span class="fa fa-fw"></span>
                            {% endif %}
                        {% endfor %}
                    </td>
@@ -65,6 +65,9 @@

                    {% blocktrans asvar title_reset %}Customer account password reset{% endblocktrans %}
                    {% include "pretixcontrol/event/mail_settings_fragment.html" with pid="reset" title=title_reset items="mail_subject_customer_reset,mail_text_customer_reset" %}
+
+                    {% blocktrans asvar title_security_notice %}Customer account security notification{% endblocktrans %}
+                    {% include "pretixcontrol/event/mail_settings_fragment.html" with pid="security_notice" title=title_security_notice items="mail_subject_customer_security_notice,mail_text_customer_security_notice" %}
                </div>
            </fieldset>
        </div>
@@ -19,7 +19,7 @@

                    <dl class="dl-horizontal">
                        <dt>{% trans "From" context "email" %}</dt>
-                        <dd>{{ mail.sender }}</dd>
+                        <dd>{{ sender }}</dd>
                        <dt>{% trans "To" context "email" %}</dt>
                        <dd>{{ mail.to|join:", " }}</dd>
                        {% if mail.cc %}
@@ -264,12 +264,17 @@
                                    The paper size will match the PDF.
                                {% endblocktrans %}
                            </p>
-                            <p>
+                            <p class="text-center">
                                <span class="btn btn-default fileinput-button background-button btn-block">
                                    <i class="fa fa-upload"></i>
                                    <span>{% trans "Upload PDF as background" %}</span>
                                    <input id="fileupload" type="file" name="background" accept="application/pdf">
                                </span>
+                                <small class="text-muted">
+                                    {% blocktrans trimmed with size=maxfilesize|filesizeformat %}
+                                        max. {{ size }}, smaller is better
+                                    {% endblocktrans %}
+                                </small>
                            </p>
                            <p class="text-center">
                                <a class="btn btn-link background-download-button" href="{{ pdf }}" target="_blank">
@@ -144,14 +144,23 @@
        </div>
        <div class="panel-body">
            <p>
-                {% trans "If you lose access to your devices, you can use one of the following keys to log in. We recommend to store them in a safe place, e.g. printed out or in a password manager. Every token can be used at most once." %}
+                {% blocktrans trimmed %}
+                    If you lose access to your devices, you can use one of your emergency tokens to log in.
+                    We recommend to store them in a safe place, e.g. printed out or in a password manager.
+                    Every token can be used at most once.
+                {% endblocktrans %}
            </p>
-            <p>{% trans "Unused tokens:" %}</p>
-            <ul>
-                {% for t in static_tokens %}
-                    <li><code>{{ t.token }}</code></li>
-                {% endfor %}
-            </ul>
+            {% if static_tokens_device %}
+                <p>
+                    {% blocktrans trimmed with generation_date_time=static_tokens_device.created_at %}
+                        You generated your emergency tokens on {{ generation_date_time }}.
+                    {% endblocktrans %}
+                </p>
+            {% else %}
+                <p>
+                    {% trans "You don't have any emergency tokens yet." %}
+                </p>
+            {% endif %}
            <a href="{% url "control:user.settings.2fa.regenemergency" %}" class="btn btn-default">
                <span class="fa fa-refresh"></span>
                {% trans "Generate new emergency tokens" %}
@@ -0,0 +1,33 @@
+{% extends "pretixcontrol/event/base.html" %}
+{% load i18n %}
+{% load bootstrap3 %}
+{% block title %}{% trans "Edit entry" %}{% endblock %}
+{% block content %}
+    <h1>{% trans "Edit entry" %}</h1>
+    <form action="" method="post" class="form-horizontal">
+        {% csrf_token %}
+
+        {% if form.subevent %}
+            {% bootstrap_field form.subevent layout="control" %}
+        {% endif %}
+
+        {% bootstrap_field form.email layout="control" %}
+
+        {% if form.name_parts %}
+            {% bootstrap_field form.name_parts layout="control" %}
+        {% endif %}
+
+        {% if form.phone %}
+            {% bootstrap_field form.phone layout="control" %}
+        {% endif %}
+        {% bootstrap_field form.itemvar layout="control" %}
+        <div class="form-group submit-group">
+            <a href="{% url "control:event.orders.waitinglist" organizer=request.event.organizer.slug event=request.event.slug %}" class="btn btn-default btn-cancel">
+                {% trans "Cancel" %}
+            </a>
+            <button type="submit" class="btn btn-primary btn-save">
+                {% trans "Save" %}
+            </button>
+        </div>
+    </form>
+{% endblock %}
@@ -124,6 +124,7 @@
                </option>
            {% endfor %}
        </select>
+        <input name="search" type="text" placeholder="{% trans "Search" %}" class="form-control" value="{{ request.GET.search }}">
        {% if request.event.has_subevents %}
            <select name="subevent" class="form-control">
                <option value="">{% trans "All dates" context "subevent" %}</option>
@@ -267,13 +268,13 @@
                                    data-toggle="tooltip" title="{% trans "Move to the end of the list" %}">
                                    <span class="fa fa-thumbs-down"></span>
                                </button>
-                                {% if request.event.has_subevents %}
-                                    <a href="{% url "control:event.orders.waitinglist.transfer" organizer=request.event.organizer.slug event=request.event.slug entry=e.id %}"
-                                       class="btn btn-default btn-sm" title="{% trans "Transfer to other date" context "subevent" %}"
-                                        data-toggle="tooltip">
-                                        <i class="fa fa-calendar" aria-hidden="true"></i>
-                                    </a>
-                                {% endif %}
+
+                                <a href="{% url "control:event.orders.waitinglist.edit" organizer=request.event.organizer.slug event=request.event.slug entry=e.id %}"
+                                   class="btn btn-default btn-sm" title="{% trans "Edit entry" %}"
+                                    data-toggle="tooltip">
+                                    <i class="fa fa-edit" aria-hidden="true"></i>
+                                </a>
+
                                <a href="{% url "control:event.orders.waitinglist.delete" organizer=request.event.organizer.slug event=request.event.slug entry=e.id %}?next={{ request.get_full_path|urlencode }}" class="btn btn-danger btn-sm"><i class="fa fa-trash"></i></a>
                            {% else %}
                                <button class="btn btn-default btn-sm disabled">
@@ -1,23 +0,0 @@
-{% extends "pretixcontrol/event/base.html" %}
-{% load i18n %}
-{% load bootstrap3 %}
-{% block title %}{% trans "Transfer entry" %}{% endblock %}
-{% block content %}
-    <h1>{% trans "Transfer entry" %}</h1>
-    <form action="" method="post" class="form-horizontal">
-        {% csrf_token %}
-        <p>{% blocktrans trimmed context "subevent" %}
-            Please select the date to which the following waiting list entry should be
-            transferred: <strong>{{ entry }}</strong>?
-        {% endblocktrans %}</p>
-        {% bootstrap_field form.subevent layout="control" %}
-        <div class="form-group submit-group">
-            <a href="{% url "control:event.orders.waitinglist" organizer=request.event.organizer.slug event=request.event.slug %}" class="btn btn-default btn-cancel">
-                {% trans "Cancel" %}
-            </a>
-            <button type="submit" class="btn btn-primary btn-save">
-                {% trans "Transfer" %}
-            </button>
-        </div>
-    </form>
-{% endblock %}
@@ -480,8 +480,8 @@ urlpatterns = [
        re_path(r'^waitinglist/auto_assign$', waitinglist.AutoAssign.as_view(), name='event.orders.waitinglist.auto'),
        re_path(r'^waitinglist/(?P<entry>\d+)/delete$', waitinglist.EntryDelete.as_view(),
                name='event.orders.waitinglist.delete'),
-        re_path(r'^waitinglist/(?P<entry>\d+)/transfer$', waitinglist.EntryTransfer.as_view(),
-                name='event.orders.waitinglist.transfer'),
+        re_path(r'^waitinglist/(?P<entry>\d+)/edit$', waitinglist.EntryEdit.as_view(),
+                name='event.orders.waitinglist.edit'),
        re_path(r'^checkins/$', checkin.CheckinListView.as_view(), name='event.orders.checkins'),
        re_path(r'^checkinlists/$', checkin.CheckinListList.as_view(), name='event.orders.checkinlists'),
        re_path(r'^checkinlists/add$', checkin.CheckinListCreate.as_view(), name='event.orders.checkinlists.add'),
@@ -149,6 +149,8 @@ def login(request):
            return process_login(request, form.user_cache, form.cleaned_data.get('keep_logged_in', False))
    else:
        form = LoginForm(backend=backend, request=request)
+        # Detect redirection loop (usually means cookie not accepted)
+        ctx['possible_cookie_problem'] = request.path in request.headers.get("Referer", "")
    ctx['form'] = form
    ctx['can_register'] = settings.PRETIX_REGISTRATION
    ctx['can_reset'] = settings.PRETIX_PASSWORD_RESET
@@ -870,11 +870,15 @@ class MailSettingsPreview(EventPermissionRequiredMixin, View):
                                )

                        except ValueError:
-                            msgs[self.supported_locale[idx]] = '<div class="alert alert-danger">{}</div>'.format(
-                                PlaceholderValidator.error_message)
+                            msgs[self.supported_locale[idx]] = format_html(
+                                '<div class="alert alert-danger">{}</div>',
+                                PlaceholderValidator.error_message
+                            )
                        except KeyError as e:
-                            msgs[self.supported_locale[idx]] = '<div class="alert alert-danger">{}</div>'.format(
-                                _('Invalid placeholder: {%(value)s}') % {'value': e.args[0]})
+                            msgs[self.supported_locale[idx]] = format_html(
+                                '<div class="alert alert-danger">{}</div>',
+                                _('Invalid placeholder: {%(value)s}') % {'value': e.args[0]}
+                            )

        return JsonResponse({
            'item': preview_item,
@@ -21,6 +21,8 @@
 #
 import base64
 import logging
+from email.header import decode_header, make_header
+from email.utils import parseaddr

 from django.conf import settings
 from django.contrib import messages
@@ -124,6 +126,12 @@ class OutgoingMailDetailView(OrganizerDetailViewMixin, OrganizerPermissionRequir
        ctx = super().get_context_data(**kwargs)
        if self.object.body_html:
            ctx['data_url'] = "data:text/html;charset=utf-8;base64," + base64.b64encode(self.object.body_html.encode()).decode()
+
+        from_name, from_email = parseaddr(self.object.sender)
+        if from_name:
+            from_name = make_header(decode_header(from_name))
+        ctx['sender'] = "{} <{}>".format(from_name, from_email) if from_name else from_email
+
        return ctx


@@ -67,7 +67,12 @@ class EventList(PaginationMixin, ListView):

    def get_queryset(self):
        qs = self.request.user.get_events_with_any_permission(self.request).prefetch_related(
-            'organizer', '_settings_objects', 'organizer___settings_objects', 'organizer__meta_properties',
+            'organizer',
+            'organizer__sales_channels',
+            '_settings_objects',
+            'organizer___settings_objects',
+            'organizer__meta_properties',
+            'limit_sales_channels',
            Prefetch(
                'meta_values',
                EventMetaValue.objects.select_related('property'),
@@ -1226,7 +1226,11 @@ class OrderRefundView(OrderView):
                    customer=order.customer,
                    testmode=order.testmode
                )
-                giftcard.log_action('pretix.giftcards.created', user=self.request.user, data={})
+                giftcard.log_action(
+                    action='pretix.giftcards.created',
+                    user=self.request.user,
+                    data={}
+                )
                refunds.append(OrderRefund(
                    order=order,
                    payment=None,
@@ -1637,9 +1641,17 @@ class OrderCheckVATID(OrderView):

            try:
                normalized_id = validate_vat_id(ia.vat_id, str(ia.country))
-                ia.vat_id_validated = True
-                ia.vat_id = normalized_id
-                ia.save()
+                with transaction.atomic():
+                    ia.vat_id_validated = True
+                    ia.vat_id = normalized_id
+                    ia.save()
+                    self.order.log_action(
+                        'pretix.event.order.vatid.validated',
+                        data={
+                            'vat_id': normalized_id,
+                        },
+                        user=self.request.user,
+                    )
            except VATIDFinalError as e:
                messages.error(self.request, e.message)
            except VATIDTemporaryError:
@@ -2409,9 +2421,9 @@ class OrderSendMail(EventPermissionRequiredMixin, OrderViewMixin, FormView):
        with language(order.locale, self.request.event.settings.region):
            email_context = get_email_context(event=order.event, order=order)
        email_template = LazyI18nString(form.cleaned_data['message'])
-        email_subject = format_map(str(form.cleaned_data['subject']), email_context)
-        email_content = render_mail(email_template, email_context)
        if self.request.POST.get('action') == 'preview':
+            email_subject = format_map(form.cleaned_data['subject'], email_context)
+            email_content = render_mail(email_template, email_context)
            self.preview_output = {
                'subject': mark_safe(_('Subject: {subject}').format(
                    subject=prefix_subject(order.event, escape(email_subject), highlight=True)
@@ -2473,9 +2485,9 @@ class OrderPositionSendMail(OrderSendMail):
        with language(position.order.locale, self.request.event.settings.region):
            email_context = get_email_context(event=position.order.event, order=position.order, position=position)
        email_template = LazyI18nString(form.cleaned_data['message'])
-        email_subject = format_map(str(form.cleaned_data['subject']), email_context)
-        email_content = render_mail(email_template, email_context)
        if self.request.POST.get('action') == 'preview':
+            email_subject = format_map(str(form.cleaned_data['subject']), email_context)
+            email_content = render_mail(email_template, email_context)
            self.preview_output = {
                'subject': mark_safe(_('Subject: {subject}').format(
                    subject=prefix_subject(position.order.event, escape(email_subject), highlight=True))
@@ -207,6 +207,7 @@ class OrganizerDetail(OrganizerDetailViewMixin, OrganizerPermissionRequiredMixin
            'organizer').prefetch_related(
            'organizer', '_settings_objects', 'organizer___settings_objects',
            'organizer__meta_properties',
+            'limit_sales_channels',
            Prefetch(
                'meta_values',
                EventMetaValue.objects.select_related('property'),
@@ -237,6 +238,7 @@ class OrganizerDetail(OrganizerDetailViewMixin, OrganizerPermissionRequiredMixin
            self.filter_form['meta_{}'.format(p.name)] for p in
            self.organizer.meta_properties.filter(filter_allowed=True)
        ]
+        ctx['sales_channels'] = self.request.organizer.sales_channels.all()
        return ctx


@@ -1039,9 +1041,10 @@ class TeamMemberView(OrganizerDetailViewMixin, OrganizerPermissionRequiredMixin,
    def _send_invite(self, instance):
        mail(
            instance.email,
-            _('pretix account invitation'),
+            _('Account invitation'),
            'pretixcontrol/email/invitation.txt',
            {
+                'instance': settings.PRETIX_INSTANCE_NAME,
                'user': self,
                'organizer': self.request.organizer.name,
                'team': instance.team.name,
@@ -1667,9 +1670,12 @@ class GiftCardAcceptanceInviteView(OrganizerDetailViewMixin, OrganizerPermission
            active=False,
        )
        self.request.organizer.log_action(
-            'pretix.giftcards.acceptance.acceptor.invited',
-            data={'acceptor': form.cleaned_data['acceptor'].slug,
-                  'reusable_media': form.cleaned_data['reusable_media']},
+            action='pretix.giftcards.acceptance.acceptor.invited',
+            data={
+                'acceptor': form.cleaned_data['acceptor'].slug,
+                'issuer': self.request.organizer.slug,
+                'reusable_media': form.cleaned_data['reusable_media']
+            },
            user=self.request.user
        )
        messages.success(self.request, _('The selected organizer has been invited.'))
@@ -1705,8 +1711,11 @@ class GiftCardAcceptanceListView(OrganizerDetailViewMixin, OrganizerPermissionRe
            ).delete()
            if done:
                self.request.organizer.log_action(
-                    'pretix.giftcards.acceptance.acceptor.removed',
-                    data={'acceptor': request.POST.get("delete_acceptor")},
+                    action='pretix.giftcards.acceptance.acceptor.removed',
+                    data={
+                        'acceptor': request.POST.get("delete_acceptor"),
+                        'issuer': self.request.organizer.slug
+                    },
                    user=request.user
                )
            messages.success(self.request, _('The selected connection has been removed.'))
@@ -1716,8 +1725,11 @@ class GiftCardAcceptanceListView(OrganizerDetailViewMixin, OrganizerPermissionRe
            ).delete()
            if done:
                self.request.organizer.log_action(
-                    'pretix.giftcards.acceptance.issuer.removed',
-                    data={'issuer': request.POST.get("delete_acceptor")},
+                    action='pretix.giftcards.acceptance.issuer.removed',
+                    data={
+                        'issuer': request.POST.get("delete_acceptor"),
+                        'acceptor': self.request.organizer.slug
+                    },
                    user=request.user
                )
            messages.success(self.request, _('The selected connection has been removed.'))
@@ -1727,8 +1739,11 @@ class GiftCardAcceptanceListView(OrganizerDetailViewMixin, OrganizerPermissionRe
            ).update(active=True)
            if done:
                self.request.organizer.log_action(
-                    'pretix.giftcards.acceptance.issuer.accepted',
-                    data={'issuer': request.POST.get("accept_issuer")},
+                    action='pretix.giftcards.acceptance.issuer.accepted',
+                    data={
+                        'issuer': request.POST.get("accept_issuer"),
+                        'acceptor': self.request.organizer.slug
+                    },
                    user=request.user
                )
            messages.success(self.request, _('The selected connection has been accepted.'))
@@ -1834,10 +1849,12 @@ class GiftCardDetailView(OrganizerDetailViewMixin, OrganizerPermissionRequiredMi
                        acceptor=request.organizer,
                    )
                    self.object.log_action(
-                        'pretix.giftcards.transaction.manual',
+                        action='pretix.giftcards.transaction.manual',
                        data={
                            'value': value,
-                            'text': request.POST.get('text')
+                            'text': request.POST.get('text'),
+                            'acceptor_id': self.request.organizer.id,
+                            'acceptor_slug': self.request.organizer.slug
                        },
                        user=self.request.user,
                    )
@@ -1886,15 +1903,24 @@ class GiftCardCreateView(OrganizerDetailViewMixin, OrganizerPermissionRequiredMi
        messages.success(self.request, _('The gift card has been created and can now be used.'))
        form.instance.issuer = self.request.organizer
        super().form_valid(form)
-        form.instance.transactions.create(
-            acceptor=self.request.organizer,
-            value=form.cleaned_data['value']
+        form.instance.log_action(
+            action='pretix.giftcards.created',
+            user=self.request.user,
        )
-        form.instance.log_action('pretix.giftcards.created', user=self.request.user, data={})
        if form.cleaned_data['value']:
-            form.instance.log_action('pretix.giftcards.transaction.manual', user=self.request.user, data={
-                'value': form.cleaned_data['value']
-            })
+            form.instance.transactions.create(
+                acceptor=self.request.organizer,
+                value=form.cleaned_data['value']
+            )
+            form.instance.log_action(
+                action='pretix.giftcards.transaction.manual',
+                user=self.request.user,
+                data={
+                    'value': form.cleaned_data['value'],
+                    'acceptor_id': self.request.organizer.id,
+                    'acceptor_slug': self.request.organizer.slug
+                }
+            )
        return redirect(reverse(
            'control:organizer.giftcard',
            kwargs={
@@ -1922,7 +1948,11 @@ class GiftCardUpdateView(OrganizerDetailViewMixin, OrganizerPermissionRequiredMi
    def form_valid(self, form):
        messages.success(self.request, _('The gift card has been changed.'))
        super().form_valid(form)
-        form.instance.log_action('pretix.giftcards.modified', user=self.request.user, data=dict(form.cleaned_data))
+        form.instance.log_action(
+            action='pretix.giftcards.modified',
+            user=self.request.user,
+            data=dict(form.cleaned_data)
+        )
        return redirect(reverse(
            'control:organizer.giftcard',
            kwargs={
@@ -292,6 +292,7 @@ class BaseEditorView(EventPermissionRequiredMixin, TemplateView):
        ctx['layout'] = json.dumps(self.get_current_layout())
        ctx['title'] = self.title
        ctx['locales'] = [p for p in settings.LANGUAGES if p[0] in self.request.event.settings.locales]
+        ctx['maxfilesize'] = self.maxfilesize
        return ctx


@@ -49,12 +49,14 @@ from django.db import transaction
 from django.shortcuts import get_object_or_404, redirect
 from django.urls import reverse
 from django.utils.crypto import get_random_string
+from django.utils.decorators import method_decorator
 from django.utils.functional import cached_property
 from django.utils.html import format_html
 from django.utils.http import url_has_allowed_host_and_scheme
 from django.utils.timezone import now
 from django.utils.translation import gettext_lazy as _
 from django.views import View
+from django.views.decorators.cache import never_cache
 from django.views.generic import FormView, ListView, TemplateView, UpdateView
 from django_otp.plugins.otp_static.models import StaticDevice
 from django_otp.plugins.otp_totp.models import TOTPDevice
@@ -85,8 +87,9 @@ logger = logging.getLogger(__name__)


 class RecentAuthenticationRequiredMixin:
-    max_time = 3600
+    max_time = 900

+    @method_decorator(never_cache)
    def dispatch(self, request, *args, **kwargs):
        tdelta = time.time() - request.session.get('pretix_auth_login_time', 0)
        if tdelta > self.max_time:
@@ -289,16 +292,13 @@ class User2FAMainView(RecentAuthenticationRequiredMixin, TemplateView):
        ctx = super().get_context_data()

        try:
-            ctx['static_tokens'] = StaticDevice.objects.get(user=self.request.user, name='emergency').token_set.all()
+            ctx['static_tokens_device'] = StaticDevice.objects.get(user=self.request.user, name='emergency')
        except StaticDevice.MultipleObjectsReturned:
-            ctx['static_tokens'] = StaticDevice.objects.filter(
+            ctx['static_tokens_device'] = StaticDevice.objects.filter(
                user=self.request.user, name='emergency'
-            ).first().token_set.all()
+            ).first()
        except StaticDevice.DoesNotExist:
-            d = StaticDevice.objects.create(user=self.request.user, name='emergency')
-            for i in range(10):
-                d.token_set.create(token=get_random_string(length=12, allowed_chars='1234567890'))
-            ctx['static_tokens'] = d.token_set.all()
+            ctx['static_tokens_device'] = None

        ctx['devices'] = []
        for dt in REAL_DEVICE_TYPES:
@@ -630,8 +630,14 @@ class User2FARegenerateEmergencyView(RecentAuthenticationRequiredMixin, Template
        ])
        self.request.user.update_session_token()
        update_session_auth_hash(self.request, self.request.user)
-        messages.success(request, _('Your emergency codes have been newly generated. Remember to store them in a safe '
-                                    'place in case you lose access to your devices.'))
+        messages.success(
+            request,
+            _('Your emergency codes have been newly generated. Remember to store them in a safe '
+              'place in case you lose access to your devices. You will not be able to view them '
+              'again here.\n\nYour emergency codes:\n{tokens}').format(
+                tokens='- ' + '\n- '.join(t.token for t in d.token_set.all())
+            )
+        )
        return redirect(reverse('control:user.settings.2fa'))


@@ -131,7 +131,7 @@ class VoucherList(PaginationMixin, EventPermissionRequiredMixin, ListView):
            elif v.quota:
                prod = _('Any product in quota "{quota}"').format(quota=str(v.quota.name))
            else:
-                prod = _('Any product')
+                prod = ""
            row = [
                v.code,
                v.valid_until.isoformat() if v.valid_until else "",
@@ -53,7 +53,7 @@ from pretix.base.models import Item, LogEntry, Quota, WaitingListEntry
 from pretix.base.models.waitinglist import WaitingListException
 from pretix.base.services.waitinglist import assign_automatically
 from pretix.base.views.tasks import AsyncAction
-from pretix.control.forms.waitinglist import WaitingListEntryTransferForm
+from pretix.control.forms.waitinglist import WaitingListEntryEditForm
 from pretix.control.permissions import EventPermissionRequiredMixin
 from pretix.control.views import PaginationMixin

@@ -138,6 +138,17 @@ class WaitingListQuerySetMixin:
        elif force_filtered and '__ALL' not in self.request_data:
            qs = qs.none()

+        if self.request_data.get("search", "") != "":
+            s = self.request_data.get("search", "")
+            search_q = Q(email__icontains=s)
+
+            if self.request.event.settings.waiting_list_names_asked:
+                search_q = search_q | Q(name_cached__icontains=s)
+            if self.request.event.settings.waiting_list_phones_asked:
+                search_q = search_q | Q(phone__icontains=s)
+
+            qs = qs.filter(search_q)
+
        return qs


@@ -238,7 +249,7 @@ class WaitingListView(EventPermissionRequiredMixin, WaitingListQuerySetMixin, Pa
    def get_context_data(self, **kwargs):
        ctx = super().get_context_data(**kwargs)
        ctx['items'] = Item.objects.filter(event=self.request.event)
-        ctx['filtered'] = ("status" in self.request.GET or "item" in self.request.GET)
+        ctx['filtered'] = any(param in self.request.GET for param in ("status", "item", "search"))

        itemvar_cache = {}
        quota_cache = {}
@@ -269,11 +280,12 @@ class WaitingListView(EventPermissionRequiredMixin, WaitingListQuerySetMixin, Pa
                        block_quota=True,
                        item_id=wle.item_id,
                        subevent=wle.subevent_id,
-                        waitinglistentries__isnull=False
+                        waitinglistentries__isnull=False,
+                        seat__isnull=True
                    ).aggregate(free=Sum(F('max_usages') - F('redeemed')))['free'] or 0
                    free_seats = num_free_seats_for_product - num_valid_vouchers_for_product
                    wle.availability = (
-                        Quota.AVAILABILITY_GONE if free_seats == 0 else wle.availability[0],
+                        Quota.AVAILABILITY_GONE if free_seats < 1 else wle.availability[0],
                        min(free_seats, wle.availability[1]) if wle.availability[1] is not None else free_seats,
                    )

@@ -390,25 +402,20 @@ class EntryDelete(EventPermissionRequiredMixin, CompatDeleteView):
        })


-class EntryTransfer(EventPermissionRequiredMixin, UpdateView):
+class EntryEdit(EventPermissionRequiredMixin, UpdateView):
    model = WaitingListEntry
-    template_name = 'pretixcontrol/waitinglist/transfer.html'
+    template_name = 'pretixcontrol/waitinglist/edit.html'
    permission = 'can_change_orders'
-    form_class = WaitingListEntryTransferForm
+    form_class = WaitingListEntryEditForm
    context_object_name = 'entry'

-    def dispatch(self, request, *args, **kwargs):
-        if not self.request.event.has_subevents:
-            raise Http404(_("This is not an event series."))
-        return super().dispatch(request, *args, **kwargs)
-
    def get_object(self, queryset=None) -> WaitingListEntry:
        return get_object_or_404(WaitingListEntry, pk=self.kwargs['entry'], event=self.request.event, voucher__isnull=True)

    @transaction.atomic
    def form_valid(self, form):
-        messages.success(self.request, _('The waitinglist entry has been transferred.'))
        if form.has_changed():
+            messages.success(self.request, _('The waitinglist entry has been changed.'))
            self.object.log_action(
                'pretix.event.orders.waitinglist.changed', user=self.request.user, data={
                    k: form.cleaned_data.get(k) for k in form.changed_data
@@ -22,6 +22,7 @@
 import logging
 from string import Formatter

+from django.core.exceptions import SuspiciousOperation
 from django.utils.html import conditional_escape

 logger = logging.getLogger(__name__)
@@ -37,6 +38,17 @@ class PlainHtmlAlternativeString:
        return f"PlainHtmlAlternativeString('{self.plain}', '{self.html}')"


+class FormattedString(str):
+    """
+    A str subclass that has been specifically marked as "already formatted" for email rendering
+    purposes to avoid duplicate formatting.
+    """
+    __slots__ = ()
+
+    def __str__(self):
+        return self
+
+
 class SafeFormatter(Formatter):
    """
    Customized version of ``str.format`` that (a) behaves just like ``str.format_map`` and
@@ -77,8 +89,19 @@ class SafeFormatter(Formatter):
        # Ignore format_spec
        return super().format_field(self._prepare_value(value), '')

+    def convert_field(self, value, conversion):
+        # Ignore any conversions
+        if conversion is None:
+            return value
+        else:
+            return str(value)

-def format_map(template, context, raise_on_missing=False, mode=SafeFormatter.MODE_RICH_TO_PLAIN, linkifier=None):
+
+def format_map(template, context, raise_on_missing=False, mode=SafeFormatter.MODE_RICH_TO_PLAIN, linkifier=None) -> FormattedString:
+    if isinstance(template, FormattedString):
+        raise SuspiciousOperation("Calling format_map() on an already formatted string is likely unsafe.")
    if not isinstance(template, str):
        template = str(template)
-    return SafeFormatter(context, raise_on_missing, mode=mode, linkifier=linkifier).format(template)
+    return FormattedString(
+        SafeFormatter(context, raise_on_missing, mode=mode, linkifier=linkifier).format(template)
+    )
@@ -265,6 +265,7 @@ Objekt-IDs
 Offline-Scan
 OK
 Online-Banking
+Online-Banking-Nutzer
 Onlinebanking
 Onlinebanking-Zugangsdaten
 Open
@@ -539,6 +540,8 @@ WeChat-Zahlung
 Weiterleitungs-URIs
 Weiterleitungs-URL
 Weiterleitungs-URLs
+WERO
+WERO-App
 WhatsApp
 Widget
 Widget-Code
@@ -265,6 +265,7 @@ Objekt-IDs
 Offline-Scan
 OK
 Online-Banking
+Online-Banking-Nutzer
 Onlinebanking
 Onlinebanking-Zugangsdaten
 Open
@@ -539,6 +540,8 @@ WeChat-Zahlung
 Weiterleitungs-URIs
 Weiterleitungs-URL
 Weiterleitungs-URLs
+WERO
+WERO-App
 WhatsApp
 Widget
 Widget-Code
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-01-26 13:20+0000\n"
+"POT-Creation-Date: 2026-02-24 11:50+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
--- a/Show More
+++ b/Show More