Add logging for successfully synced orders

(debugging orders that might get silently skipped)

pyproject.toml

@@ -92,7 +92,7 @@ dependencies = [
   "redis==7.1.*",
   "reportlab==4.4.*",
   "requests==2.32.*",
-  "sentry-sdk==2.52.*",
+  "sentry-sdk==2.53.*",
   "sepaxml==2.7.*",
   "stripe==7.9.*",
   "text-unidecode==1.*",
@@ -110,10 +110,10 @@ dev = [
   "aiohttp==3.13.*",
   "coverage",
   "coveralls",
-  "fakeredis==2.33.*",
+  "fakeredis==2.34.*",
   "flake8==7.3.*",
   "freezegun",
-  "isort==7.0.*",
+  "isort==8.0.*",
   "pep8-naming==0.15.*",
   "potypo",
   "pytest-asyncio>=0.24",

src/pretix/__init__.py

@@ -19,4 +19,4 @@
 # You should have received a copy of the GNU Affero General Public License along with this program.  If not, see
 # <https://www.gnu.org/licenses/>.
 #
-__version__ = "2026.2.0.dev0"
+__version__ = "2026.3.0.dev0"

src/pretix/api/views/checkin.py

@@ -188,11 +188,15 @@ class CheckinListViewSet(viewsets.ModelViewSet):
         clist = self.get_object()
         if serializer.validated_data.get('nonce'):
             if kwargs.get('position'):
-                prev = kwargs['position'].all_checkins.filter(nonce=serializer.validated_data['nonce']).first()
+                prev = kwargs['position'].all_checkins.filter(
+                    nonce=serializer.validated_data['nonce'],
+                    successful=False
+                ).first()
             else:
                 prev = clist.checkins.filter(
                     nonce=serializer.validated_data['nonce'],
                     raw_barcode=serializer.validated_data['raw_barcode'],
+                    successful=False
                 ).first()
             if prev:
                 # Ignore because nonce is already handled

src/pretix/api/views/organizer.py

@@ -259,7 +259,14 @@ class GiftCardViewSet(viewsets.ModelViewSet):
             action='pretix.giftcards.transaction.manual',
             user=self.request.user,
             auth=self.request.auth,
-            data=merge_dicts(self.request.data, {'id': inst.pk, 'acceptor_id': self.request.organizer.id})
+            data=merge_dicts(
+                self.request.data,
+                {
+                    'id': inst.pk,
+                    'acceptor_id': self.request.organizer.id,
+                    'acceptor_slug': self.request.organizer.slug
+                }
+            )
         )
 
     @transaction.atomic()
@@ -290,7 +297,11 @@ class GiftCardViewSet(viewsets.ModelViewSet):
                 action='pretix.giftcards.transaction.manual',
                 user=self.request.user,
                 auth=self.request.auth,
-                data={'value': diff, 'acceptor_id': self.request.organizer.id}
+                data={
+                    'value': diff,
+                    'acceptor_id': self.request.organizer.id,
+                    'acceptor_slug': self.request.organizer.slug
+                }
             )
 
         return inst
@@ -320,7 +331,8 @@ class GiftCardViewSet(viewsets.ModelViewSet):
             data={
                 'value': value,
                 'text': text,
-                'acceptor_id': self.request.organizer.id
+                'acceptor_id': self.request.organizer.id,
+                'acceptor_slug': self.request.organizer.slug
             }
         )
         return Response(GiftCardSerializer(gc, context=self.get_serializer_context()).data, status=status.HTTP_200_OK)

src/pretix/api/webhooks.py

@@ -183,6 +183,7 @@ class ParametrizedGiftcardWebhookEvent(ParametrizedWebhookEvent):
         return {
             'notification_id': logentry.pk,
             'issuer_id': logentry.organizer_id,
+            'issuer_slug': logentry.organizer.slug,
             'giftcard': giftcard.pk,
             'action': logentry.action_type,
         }
@@ -197,7 +198,9 @@ class ParametrizedGiftcardTransactionWebhookEvent(ParametrizedWebhookEvent):
         return {
             'notification_id': logentry.pk,
             'issuer_id': logentry.organizer_id,
+            'issuer_slug': logentry.organizer.slug,
             'acceptor_id': logentry.parsed_data.get('acceptor_id'),
+            'acceptor_slug': logentry.parsed_data.get('acceptor_slug'),
             'giftcard': giftcard.pk,
             'action': logentry.action_type,
         }
@@ -472,7 +475,7 @@ def register_default_webhook_events(sender, **kwargs):
         ),
         ParametrizedGiftcardTransactionWebhookEvent(
             'pretix.giftcards.transaction.*',
-            _('Gift card used in transcation'),
+            _('Gift card used in transaction'),
         )
     )
 

src/pretix/base/datasync/datasync.py

@@ -216,7 +216,10 @@ class OutboundSyncProvider:
 
             try:
                 mapped_objects = self.sync_order(sq.order)
-                if not all(all(not res or res.sync_info.get("action", "") == "nothing_to_do" for res in res_list) for res_list in mapped_objects.values()):
+                actions_taken = [res and res.sync_info.get("action", "") for res_list in mapped_objects.values() for res in res_list]
+                should_write_logentry = any(action not in (None, "nothing_to_do") for action in actions_taken)
+                logger.info('Synced order %s to %s, actions: %r, log: %r', sq.order.code, sq.sync_provider, actions_taken, should_write_logentry)
+                if should_write_logentry:
                     sq.order.log_action("pretix.event.order.data_sync.success", {
                         "provider": self.identifier,
                         "objects": {
@@ -237,7 +240,7 @@ class OutboundSyncProvider:
                     sq.set_sync_error("exceeded", e.messages, e.full_message)
                 else:
                     logger.info(
-                        f"Could not sync order {sq.order.code} to {type(self).__name__} "
+                        f"Could not sync order {sq.order.code} to {sq.sync_provider} "
                         f"(transient error, attempt #{sq.failed_attempts}, next {sq.not_before})",
                         exc_info=True,
                     )

src/pretix/base/email.py

@@ -39,7 +39,7 @@ from pretix.base.templatetags.rich_text import (
     DEFAULT_CALLBACKS, EMAIL_RE, URL_RE, abslink_callback,
     markdown_compile_email, truelink_callback,
 )
-from pretix.helpers.format import SafeFormatter, format_map
+from pretix.helpers.format import FormattedString, SafeFormatter, format_map
 
 from pretix.base.services.placeholders import (  # noqa
     get_available_placeholders, PlaceholderContext
@@ -141,6 +141,7 @@ class TemplateBasedMailRenderer(BaseHTMLMailRenderer):
         return markdown_compile_email(plaintext, context=context)
 
     def render(self, plain_body: str, plain_signature: str, subject: str, order, position, context) -> str:
+        apply_format_map = not isinstance(plain_body, FormattedString)
         body_md = self.compile_markdown(plain_body, context)
         if context:
             linker = bleach.Linker(
@@ -149,12 +150,13 @@ class TemplateBasedMailRenderer(BaseHTMLMailRenderer):
                 callbacks=DEFAULT_CALLBACKS + [truelink_callback, abslink_callback],
                 parse_email=True
             )
-            body_md = format_map(
-                body_md,
-                context=context,
-                mode=SafeFormatter.MODE_RICH_TO_HTML,
-                linkifier=linker
-            )
+            if apply_format_map:
+                body_md = format_map(
+                    body_md,
+                    context=context,
+                    mode=SafeFormatter.MODE_RICH_TO_HTML,
+                    linkifier=linker
+                )
         htmlctx = {
             'site': settings.PRETIX_INSTANCE_NAME,
             'site_url': settings.SITE_URL,

src/pretix/base/exporters/orderlist.py

@@ -651,6 +651,7 @@ class OrderListExporter(MultiSheetListExporter):
             pgettext('address', 'State'),
             _('Voucher'),
             _('Voucher budget usage'),
+            _('Voucher tag'),
             _('Pseudonymization ID'),
             _('Ticket secret'),
             _('Seat ID'),
@@ -769,6 +770,7 @@ class OrderListExporter(MultiSheetListExporter):
                     op.state_for_address or '',
                     op.voucher.code if op.voucher else '',
                     op.voucher_budget_use if op.voucher_budget_use else '',
+                    op.voucher.tag if op.voucher else '',
                     op.pseudonymization_id,
                     op.secret,
                 ]

src/pretix/base/modelimport_vouchers.py

@@ -132,7 +132,7 @@ class AllowIgnoreQuotaColumn(BooleanColumnMixin, ImportColumn):
 
 class PriceModeColumn(ImportColumn):
     identifier = 'price_mode'
-    verbose_name = gettext_lazy('Price mode')
+    verbose_name = gettext_lazy('Price effect')
     default_value = None
     initial = 'static:none'
 
@@ -147,7 +147,7 @@ class PriceModeColumn(ImportColumn):
         elif value in reverse:
             return reverse[value]
         else:
-            raise ValidationError(_("Could not parse {value} as a price mode, use one of {options}.").format(
+            raise ValidationError(_("Could not parse {value} as a price effect, use one of {options}.").format(
                 value=value, options=', '.join(d.keys())
             ))
 
@@ -162,7 +162,7 @@ class ValueColumn(DecimalColumnMixin, ImportColumn):
     def clean(self, value, previous_values):
         value = super().clean(value, previous_values)
         if value and previous_values.get("price_mode") == "none":
-            raise ValidationError(_("It is pointless to set a value without a price mode."))
+            raise ValidationError(_("It is pointless to set a value without a price effect."))
         return value
 
     def assign(self, value, obj: Voucher, **kwargs):

src/pretix/base/models/datasync.py

@@ -86,7 +86,7 @@ class OrderSyncQueue(models.Model):
 
     def set_sync_error(self, failure_mode, messages, full_message):
         logger.exception(
-            f"Could not sync order {self.order.code} to {type(self).__name__} ({failure_mode})"
+            f"Could not sync order {self.order.code} to {self.sync_provider} ({failure_mode})"
         )
         self.order.log_action(f"pretix.event.order.data_sync.failed.{failure_mode}", {
             "provider": self.sync_provider,

src/pretix/base/models/orders.py

@@ -87,7 +87,7 @@ from pretix.base.timemachine import time_machine_now
 
 from ...helpers import OF_SELF
 from ...helpers.countries import CachedCountries, FastCountryField
-from ...helpers.format import format_map
+from ...helpers.format import FormattedString, format_map
 from ...helpers.names import build_name
 from ...testutils.middleware import debugflags_var
 from ._transactions import (
@@ -1178,7 +1178,8 @@ class Order(LockModel, LoggedModel):
                 recipient = position.attendee_email
 
             email_content = render_mail(template, context)
-            subject = format_map(subject, context)
+            if not isinstance(subject, FormattedString):
+                subject = format_map(subject, context)
             mail(
                 recipient, subject, template, context,
                 self.event, self.locale, self, headers=headers, sender=sender,
@@ -2907,7 +2908,8 @@ class OrderPosition(AbstractPosition):
         with language(self.order.locale, self.order.event.settings.region):
             recipient = self.attendee_email
             email_content = render_mail(template, context)
-            subject = format_map(subject, context)
+            if not isinstance(subject, FormattedString):
+                subject = format_map(subject, context)
             mail(
                 recipient, subject, template, context,
                 self.event, self.order.locale, order=self.order, headers=headers, sender=sender,

src/pretix/base/models/vouchers.py

@@ -239,7 +239,7 @@ class Voucher(LoggedModel):
         )
     )
     price_mode = models.CharField(
-        verbose_name=_("Price mode"),
+        verbose_name=_("Price effect"),
         max_length=100,
         choices=PRICE_MODES,
         default='none'

src/pretix/base/payment.py

@@ -1650,7 +1650,8 @@ class GiftCardPayment(BasePaymentProvider):
                     action='pretix.giftcards.transaction.payment',
                     data={
                         'value': trans.value,
-                        'acceptor_id': self.event.organizer.id
+                        'acceptor_id': self.event.organizer.id,
+                        'acceptor_slug': self.event.organizer.slug
                     }
                 )
         except PaymentException as e:
@@ -1682,6 +1683,7 @@ class GiftCardPayment(BasePaymentProvider):
             data={
                 'value': refund.amount,
                 'acceptor_id': self.event.organizer.id,
+                'acceptor_slug': self.event.organizer.slug,
                 'text': refund.comment,
             }
         )

src/pretix/base/services/mail.py

@@ -81,7 +81,9 @@ from pretix.base.signals import (
 )
 from pretix.celery_app import app
 from pretix.helpers import OF_SELF
-from pretix.helpers.format import SafeFormatter, format_map
+from pretix.helpers.format import (
+    FormattedString, PlainHtmlAlternativeString, SafeFormatter, format_map,
+)
 from pretix.helpers.hierarkey import clean_filename
 from pretix.multidomain.urlreverse import build_absolute_uri
 from pretix.presale.ical import get_private_icals
@@ -218,6 +220,9 @@ def mail(email: Union[str, Sequence[str]], subject: str, template: Union[str, La
     if email == INVALID_ADDRESS:
         return
 
+    if isinstance(template, FormattedString):
+        raise TypeError("Cannot pass an already formatted body template")
+
     if no_order_links and not plain_text_only:
         raise ValueError('If you set no_order_links, you also need to set plain_text_only.')
 
@@ -251,23 +256,28 @@ def mail(email: Union[str, Sequence[str]], subject: str, template: Union[str, La
     if event and attach_tickets and not event.settings.mail_attach_tickets:
         attach_tickets = False
 
-    with language(locale):
+    with language(locale), override(timezone):
         if isinstance(context, dict) and order:
             _autoextend_context(context, order)
 
         # Build raw content
-        body_plain = render_mail(template, context, placeholder_mode=SafeFormatter.MODE_RICH_TO_PLAIN)
+        content_plain = render_mail(template, context, placeholder_mode=None)
         if settings_holder:
             signature = str(settings_holder.settings.get('mail_text_signature'))
         else:
             signature = ""
 
         # Build full plain-text body
+        if not isinstance(content_plain, FormattedString):
+            body_plain = format_map(content_plain, context, mode=SafeFormatter.MODE_RICH_TO_PLAIN)
+        else:
+            body_plain = content_plain
         body_plain = _wrap_plain_body(body_plain, signature, event, order, position, no_order_links)
-        body_plain = format_map(body_plain, context, mode=SafeFormatter.MODE_RICH_TO_PLAIN)
 
         # Build subject
-        subject = str(subject).format_map(TolerantDict(context))
+        if not isinstance(subject, FormattedString):
+            subject = format_map(subject, context)
+
         subject = raw_subject = subject.replace('\n', ' ').replace('\r', '')[:900]
         if settings_holder:
             subject = prefix_subject(settings_holder, subject)
@@ -286,26 +296,24 @@ def mail(email: Union[str, Sequence[str]], subject: str, template: Union[str, La
             else:
                 renderer = ClassicMailRenderer(None, organizer)
 
-            with override(timezone):
-                content_plain = render_mail(template, context, placeholder_mode=None)
-                try:
-                    if 'context' in inspect.signature(renderer.render).parameters:
-                        body_html = renderer.render(content_plain, signature, raw_subject, order, position, context)
-                    elif 'position' in inspect.signature(renderer.render).parameters:
-                        # Backwards compatibility
-                        warnings.warn('Email renderer called without context argument because context argument is not '
-                                      'supported.',
-                                      DeprecationWarning)
-                        body_html = renderer.render(content_plain, signature, raw_subject, order, position)
-                    else:
-                        # Backwards compatibility
-                        warnings.warn('Email renderer called without position argument because position argument is not '
-                                      'supported.',
-                                      DeprecationWarning)
-                        body_html = renderer.render(content_plain, signature, raw_subject, order)
-                except:
-                    logger.exception('Could not render HTML body')
-                    body_html = None
+            try:
+                if 'context' in inspect.signature(renderer.render).parameters:
+                    body_html = renderer.render(content_plain, signature, raw_subject, order, position, context)
+                elif 'position' in inspect.signature(renderer.render).parameters:
+                    # Backwards compatibility
+                    warnings.warn('Email renderer called without context argument because context argument is not '
+                                  'supported.',
+                                  DeprecationWarning)
+                    body_html = renderer.render(content_plain, signature, raw_subject, order, position)
+                else:
+                    # Backwards compatibility
+                    warnings.warn('Email renderer called without position argument because position argument is not '
+                                  'supported.',
+                                  DeprecationWarning)
+                    body_html = renderer.render(content_plain, signature, raw_subject, order)
+            except:
+                logger.exception('Could not render HTML body')
+                body_html = None
 
         m = OutgoingMail.objects.create(
             organizer=organizer,
@@ -381,7 +389,7 @@ def mail_send_task(self, **kwargs) -> bool:
         # mail_send_task(self, *, outgoing_mail)
         with scopes_disabled():
             mail_send(**kwargs)
-        return
+        return False
     else:
         raise ValueError("Unknown arguments")
 
@@ -435,15 +443,24 @@ def mail_send_task(self, **kwargs) -> bool:
                         content = ct.file.read()
                         args.append((name, content, ct.type))
                         attach_size += len(content)
-                    except Exception:
+                    except Exception as e:
                         # This sometimes fails e.g. with FileNotFoundError. We haven't been able to figure out
                         # why (probably some race condition with ticket cache invalidation?), so retry later.
                         try:
-                            self.retry(max_retries=5, countdown=60)
+                            logger.exception(f'Could not attach tickets to email {outgoing_mail.guid}, will retry')
+                            retry_after = 60
+                            outgoing_mail.error = "Tickets not ready"
+                            outgoing_mail.error_detail = str(e)
+                            outgoing_mail.sent = now()
+                            outgoing_mail.status = OutgoingMail.STATUS_AWAITING_RETRY
+                            outgoing_mail.retry_after = now() + timedelta(seconds=retry_after)
+                            outgoing_mail.save(update_fields=["status", "error", "error_detail", "sent", "retry_after",
+                                                              "actual_attachments"])
+                            self.retry(max_retries=5, countdown=retry_after)
                         except MaxRetriesExceededError:
                             # Well then, something is really wrong, let's send it without attachment before we
                             # don't send at all
-                            logger.exception(f'Could not attach tickets to email {outgoing_mail.guid}')
+                            logger.exception(f'Too many retries attaching tickets to email {outgoing_mail.guid}, skip attachment')
                             pass
 
                 if attach_size * 1.37 < settings.FILE_UPLOAD_MAX_SIZE_EMAIL_ATTACHMENT - 1024 * 1024:
@@ -790,7 +807,12 @@ def render_mail(template, context, placeholder_mode: Optional[int]=SafeFormatter
             body = format_map(body, context, mode=placeholder_mode)
     else:
         tpl = get_template(template)
-        body = tpl.render(context)
+        context = {
+            # Known bug, should behave differently for plain and HTML but we'll fix after security release
+            k: v.html if isinstance(v, PlainHtmlAlternativeString) else v
+            for k, v in context.items()
+        }
+        body = FormattedString(tpl.render(context))
     return body
 
 
@@ -936,7 +958,7 @@ def _wrap_plain_body(content_plain, signature, event, order, position, no_order_
     body_plain += "\r\n\r\n-- \r\n"
 
     if signature:
-        signature = signature.format(event=event.name if event else '')
+        signature = format_map(signature, {"event": event.name if event else ''})
         body_plain += signature
         body_plain += "\r\n\r\n-- \r\n"
 
@@ -948,7 +970,7 @@ def _wrap_plain_body(content_plain, signature, event, order, position, no_order_
         body_plain += _(
             "You can view your order details at the following URL:\n{orderurl}."
         ).replace("\n", "\r\n").format(
-            event=event.name, orderurl=build_absolute_uri(
+            orderurl=build_absolute_uri(
                 order.event, 'presale:event.order.position', kwargs={
                     'order': order.code,
                     'secret': position.web_secret,

src/pretix/base/services/orders.py

@@ -253,7 +253,8 @@ def reactivate_order(order: Order, force: bool=False, user: User=None, auth=None
                         auth=auth,
                         data={
                             'value': position.price,
-                            'acceptor_id': order.event.organizer.id
+                            'acceptor_id': order.event.organizer.id,
+                            'acceptor_slug': order.event.organizer.slug
                         }
                     )
                     break
@@ -563,6 +564,7 @@ def _cancel_order(order, user=None, send_mail: bool=True, api_token=None, device
                         data={
                             'value': -position.price,
                             'acceptor_id': order.event.organizer.id,
+                            'acceptor_slug': order.event.organizer.slug
                         }
                     )
 
@@ -2457,7 +2459,8 @@ class OrderChangeManager:
                             auth=self.auth,
                             data={
                                 'value': -position.price,
-                                'acceptor_id': self.order.event.organizer.id
+                                'acceptor_id': self.order.event.organizer.id,
+                                'acceptor_slug': self.order.event.organizer.slug
                             }
                         )
 
@@ -2483,7 +2486,8 @@ class OrderChangeManager:
                                 auth=self.auth,
                                 data={
                                     'value': -opa.position.price,
-                                    'acceptor_id': self.order.event.organizer.id
+                                    'acceptor_id': self.order.event.organizer.id,
+                                    'acceptor_slug': self.order.event.organizer.slug
                                 }
                             )
 
@@ -3453,6 +3457,7 @@ def signal_listener_issue_giftcards(sender: Event, order: Order, **kwargs):
                     data={
                         'value': trans.value,
                         'acceptor_id': order.event.organizer.id,
+                        'acceptor_slug': order.event.organizer.slug
                     }
                 )
                 any_giftcards = True

src/pretix/base/templates/404.html

@@ -8,9 +8,6 @@
         <h1>{% trans "Not found" %}</h1>
         <p>{% trans "I'm afraid we could not find the the resource you requested." %}</p>
         <p>{{ exception }}</p>
-        <p class="links">
-            <a id='goback' href='#'>{% trans "Take a step back" %}</a>
-        </p>
         {% if request.user.is_staff and not staff_session %}
             <form action="{% url 'control:user.sudo' %}?next={{ request.path|add:"?"|add:request.GET.urlencode|urlencode }}" method="post">
                 <p>

src/pretix/control/forms/waitinglist.py

@@ -19,17 +19,44 @@
 # You should have received a copy of the GNU Affero General Public License along with this program.  If not, see
 # <https://www.gnu.org/licenses/>.
 #
+from django import forms
 from django.urls import reverse
+from django.utils.translation import gettext_lazy as _
 from django_scopes.forms import SafeModelChoiceField
+from phonenumber_field.formfields import PhoneNumberField
 
 from pretix.base.forms import I18nModelForm
+from pretix.base.forms.questions import (
+    NamePartsFormField, WrappedPhoneNumberPrefixWidget,
+)
 from pretix.base.models import WaitingListEntry
 from pretix.control.forms.widgets import Select2
 
 
-class WaitingListEntryTransferForm(I18nModelForm):
+class WaitingListEntryEditForm(I18nModelForm):
+    itemvar = forms.ChoiceField(
+        error_messages={
+            'invalid_choice': _("Select a valid choice.")
+        }
+    )
 
     def __init__(self, *args, **kwargs):
+        self.instance = kwargs.get('instance', None)
+        initial = kwargs.get('initial', {})
+
+        choices = []
+        if self.instance and self.instance.pk and 'itemvar' not in initial:
+            if self.instance.variation is not None:
+                initial['itemvar'] = f'{self.instance.item.pk}-{self.instance.variation.pk}'
+                if self.instance.variation.active is False:
+                    choices.append((initial['itemvar'], str(self.instance.variation)))
+            else:
+                initial['itemvar'] = self.instance.item.pk
+                if self.instance.item.active is False:
+                    choices.append((initial['itemvar'], str(self.instance)))
+
+        kwargs['initial'] = initial
+
         super().__init__(*args, **kwargs)
 
         if self.event.has_subevents:
@@ -45,12 +72,73 @@ class WaitingListEntryTransferForm(I18nModelForm):
                 }
             )
             self.fields['subevent'].widget.choices = self.fields['subevent'].choices
+        else:
+            del self.fields['subevent']
+
+        if self.event.settings.waiting_list_names_asked:
+            self.fields['name_parts'] = NamePartsFormField(
+                max_length=255,
+                required=self.event.settings.waiting_list_names_required,
+                scheme=self.event.organizer.settings.name_scheme,
+                titles=self.event.organizer.settings.name_scheme_titles,
+                label=_('Name'),
+            )
+        else:
+            del self.fields['name_parts']
+
+        if not self.event.settings.waiting_list_phones_asked:
+            del self.fields['phone']
+
+        items = self.event.items.filter(active=True).prefetch_related(
+            'variations'
+        )
+
+        for item in items:
+            if len(item.variations.all()) > 0:
+                for variation in item.variations.all():
+                    if variation.active:
+                        choices.append(
+                            ('{}-{}'.format(item.pk, variation.pk), '{} - {}'.format(str(item), str(variation)))
+                        )
+            else:
+                choices.append(('{}'.format(item.pk), str(item)))
+
+        self.fields['itemvar'].label = _("Product")
+        self.fields['itemvar'].help_text = _("Only includes active products.")
+        self.fields['itemvar'].required = True
+        self.fields['itemvar'].choices = choices
+
+    def clean(self):
+        cleaned_data = super().clean()
+
+        if self.instance.voucher is not None:
+            raise forms.ValidationError(_('A voucher for this waiting list entry was already sent out.'))
+
+        itemvar = cleaned_data.get('itemvar')
+        if itemvar:
+            self.instance.item = self.event.items.get(pk=itemvar.split('-')[0])
+            if '-' in itemvar:
+                self.instance.variation = self.instance.item.variations.get(pk=itemvar.split('-')[1])
+
+        if ((self.instance.item and not self.instance.item.active) or
+                (self.instance.variation and not self.instance.variation.active)):
+            self.add_error('itemvar', _('The selected product is not active.'))
+
+        return cleaned_data
 
     class Meta:
         model = WaitingListEntry
         fields = [
+            'email',
+            'name_parts',
+            'phone',
             'subevent',
         ]
         field_classes = {
             'subevent': SafeModelChoiceField,
+            'email': forms.EmailField,
+            'phone': PhoneNumberField,
+        }
+        widgets = {
+            'phone': WrappedPhoneNumberPrefixWidget,
         }

src/pretix/control/templates/pretixcontrol/auth/login.html

@@ -19,6 +19,14 @@
             </ul>
             <br>
         {% endif %}
+        {% if possible_cookie_problem %}
+            <div class="alert alert-warning">
+                {% blocktrans trimmed %}
+                    It looks like your browser is not accepting our cookie and you need to log in repeatedly. Please
+                    check if your browser is set to block cookies, or delete all existing cookies and retry.
+                {% endblocktrans %}
+            </div>
+        {% endif %}
         {% csrf_token %}
         {% bootstrap_form form %}
         <div class="form-group buttons">

src/pretix/control/templates/pretixcontrol/user/2fa_main.html

@@ -144,14 +144,23 @@
         </div>
         <div class="panel-body">
             <p>
-                {% trans "If you lose access to your devices, you can use one of the following keys to log in. We recommend to store them in a safe place, e.g. printed out or in a password manager. Every token can be used at most once." %}
+                {% blocktrans trimmed %}
+                    If you lose access to your devices, you can use one of your emergency tokens to log in.
+                    We recommend to store them in a safe place, e.g. printed out or in a password manager.
+                    Every token can be used at most once.
+                {% endblocktrans %}
             </p>
-            <p>{% trans "Unused tokens:" %}</p>
-            <ul>
-                {% for t in static_tokens %}
-                    <li><code>{{ t.token }}</code></li>
-                {% endfor %}
-            </ul>
+            {% if static_tokens_device %}
+                <p>
+                    {% blocktrans trimmed with generation_date_time=static_tokens_device.created_at %}
+                        You generated your emergency tokens on {{ generation_date_time }}.
+                    {% endblocktrans %}
+                </p>
+            {% else %}
+                <p>
+                    {% trans "You don't have any emergency tokens yet." %}
+                </p>
+            {% endif %}
             <a href="{% url "control:user.settings.2fa.regenemergency" %}" class="btn btn-default">
                 <span class="fa fa-refresh"></span>
                 {% trans "Generate new emergency tokens" %}

src/pretix/control/templates/pretixcontrol/waitinglist/edit.html

@@ -0,0 +1,33 @@
+{% extends "pretixcontrol/event/base.html" %}
+{% load i18n %}
+{% load bootstrap3 %}
+{% block title %}{% trans "Edit entry" %}{% endblock %}
+{% block content %}
+    <h1>{% trans "Edit entry" %}</h1>
+    <form action="" method="post" class="form-horizontal">
+        {% csrf_token %}
+
+        {% if form.subevent %}
+            {% bootstrap_field form.subevent layout="control" %}
+        {% endif %}
+
+        {% bootstrap_field form.email layout="control" %}
+
+        {% if form.name_parts %}
+            {% bootstrap_field form.name_parts layout="control" %}
+        {% endif %}
+
+        {% if form.phone %}
+            {% bootstrap_field form.phone layout="control" %}
+        {% endif %}
+        {% bootstrap_field form.itemvar layout="control" %}
+        <div class="form-group submit-group">
+            <a href="{% url "control:event.orders.waitinglist" organizer=request.event.organizer.slug event=request.event.slug %}" class="btn btn-default btn-cancel">
+                {% trans "Cancel" %}
+            </a>
+            <button type="submit" class="btn btn-primary btn-save">
+                {% trans "Save" %}
+            </button>
+        </div>
+    </form>
+{% endblock %}

src/pretix/control/templates/pretixcontrol/waitinglist/index.html

@@ -124,6 +124,7 @@
                 </option>
             {% endfor %}
         </select>
+        <input name="search" type="text" placeholder="{% trans "Search" %}" class="form-control" value="{{ request.GET.search }}">
         {% if request.event.has_subevents %}
             <select name="subevent" class="form-control">
                 <option value="">{% trans "All dates" context "subevent" %}</option>
@@ -267,13 +268,13 @@
                                     data-toggle="tooltip" title="{% trans "Move to the end of the list" %}">
                                     <span class="fa fa-thumbs-down"></span>
                                 </button>
-                                {% if request.event.has_subevents %}
-                                    <a href="{% url "control:event.orders.waitinglist.transfer" organizer=request.event.organizer.slug event=request.event.slug entry=e.id %}"
-                                       class="btn btn-default btn-sm" title="{% trans "Transfer to other date" context "subevent" %}"
-                                        data-toggle="tooltip">
-                                        <i class="fa fa-calendar" aria-hidden="true"></i>
-                                    </a>
-                                {% endif %}
+
+                                <a href="{% url "control:event.orders.waitinglist.edit" organizer=request.event.organizer.slug event=request.event.slug entry=e.id %}"
+                                   class="btn btn-default btn-sm" title="{% trans "Edit entry" %}"
+                                    data-toggle="tooltip">
+                                    <i class="fa fa-edit" aria-hidden="true"></i>
+                                </a>
+
                                 <a href="{% url "control:event.orders.waitinglist.delete" organizer=request.event.organizer.slug event=request.event.slug entry=e.id %}?next={{ request.get_full_path|urlencode }}" class="btn btn-danger btn-sm"><i class="fa fa-trash"></i></a>
                             {% else %}
                                 <button class="btn btn-default btn-sm disabled">

src/pretix/control/templates/pretixcontrol/waitinglist/transfer.html

@@ -1,23 +0,0 @@
-{% extends "pretixcontrol/event/base.html" %}
-{% load i18n %}
-{% load bootstrap3 %}
-{% block title %}{% trans "Transfer entry" %}{% endblock %}
-{% block content %}
-    <h1>{% trans "Transfer entry" %}</h1>
-    <form action="" method="post" class="form-horizontal">
-        {% csrf_token %}
-        <p>{% blocktrans trimmed context "subevent" %}
-            Please select the date to which the following waiting list entry should be
-            transferred: <strong>{{ entry }}</strong>?
-        {% endblocktrans %}</p>
-        {% bootstrap_field form.subevent layout="control" %}
-        <div class="form-group submit-group">
-            <a href="{% url "control:event.orders.waitinglist" organizer=request.event.organizer.slug event=request.event.slug %}" class="btn btn-default btn-cancel">
-                {% trans "Cancel" %}
-            </a>
-            <button type="submit" class="btn btn-primary btn-save">
-                {% trans "Transfer" %}
-            </button>
-        </div>
-    </form>
-{% endblock %}

src/pretix/control/urls.py

@@ -480,8 +480,8 @@ urlpatterns = [
         re_path(r'^waitinglist/auto_assign$', waitinglist.AutoAssign.as_view(), name='event.orders.waitinglist.auto'),
         re_path(r'^waitinglist/(?P<entry>\d+)/delete$', waitinglist.EntryDelete.as_view(),
                 name='event.orders.waitinglist.delete'),
-        re_path(r'^waitinglist/(?P<entry>\d+)/transfer$', waitinglist.EntryTransfer.as_view(),
-                name='event.orders.waitinglist.transfer'),
+        re_path(r'^waitinglist/(?P<entry>\d+)/edit$', waitinglist.EntryEdit.as_view(),
+                name='event.orders.waitinglist.edit'),
         re_path(r'^checkins/$', checkin.CheckinListView.as_view(), name='event.orders.checkins'),
         re_path(r'^checkinlists/$', checkin.CheckinListList.as_view(), name='event.orders.checkinlists'),
         re_path(r'^checkinlists/add$', checkin.CheckinListCreate.as_view(), name='event.orders.checkinlists.add'),

src/pretix/control/views/auth.py

@@ -149,6 +149,8 @@ def login(request):
             return process_login(request, form.user_cache, form.cleaned_data.get('keep_logged_in', False))
     else:
         form = LoginForm(backend=backend, request=request)
+        # Detect redirection loop (usually means cookie not accepted)
+        ctx['possible_cookie_problem'] = request.path in request.headers.get("Referer", "")
     ctx['form'] = form
     ctx['can_register'] = settings.PRETIX_REGISTRATION
     ctx['can_reset'] = settings.PRETIX_PASSWORD_RESET

src/pretix/control/views/event.py

@@ -870,11 +870,15 @@ class MailSettingsPreview(EventPermissionRequiredMixin, View):
                                 )
 
                         except ValueError:
-                            msgs[self.supported_locale[idx]] = '<div class="alert alert-danger">{}</div>'.format(
-                                PlaceholderValidator.error_message)
+                            msgs[self.supported_locale[idx]] = format_html(
+                                '<div class="alert alert-danger">{}</div>',
+                                PlaceholderValidator.error_message
+                            )
                         except KeyError as e:
-                            msgs[self.supported_locale[idx]] = '<div class="alert alert-danger">{}</div>'.format(
-                                _('Invalid placeholder: {%(value)s}') % {'value': e.args[0]})
+                            msgs[self.supported_locale[idx]] = format_html(
+                                '<div class="alert alert-danger">{}</div>',
+                                _('Invalid placeholder: {%(value)s}') % {'value': e.args[0]}
+                            )
 
         return JsonResponse({
             'item': preview_item,

src/pretix/control/views/organizer.py

@@ -1850,7 +1850,8 @@ class GiftCardDetailView(OrganizerDetailViewMixin, OrganizerPermissionRequiredMi
                         data={
                             'value': value,
                             'text': request.POST.get('text'),
-                            'acceptor_id': self.request.organizer.id
+                            'acceptor_id': self.request.organizer.id,
+                            'acceptor_slug': self.request.organizer.slug
                         },
                         user=self.request.user,
                     )
@@ -1913,7 +1914,8 @@ class GiftCardCreateView(OrganizerDetailViewMixin, OrganizerPermissionRequiredMi
                 user=self.request.user,
                 data={
                     'value': form.cleaned_data['value'],
-                    'acceptor_id': self.request.organizer.id
+                    'acceptor_id': self.request.organizer.id,
+                    'acceptor_slug': self.request.organizer.slug
                 }
             )
         return redirect(reverse(

src/pretix/control/views/user.py

@@ -49,12 +49,14 @@ from django.db import transaction
 from django.shortcuts import get_object_or_404, redirect
 from django.urls import reverse
 from django.utils.crypto import get_random_string
+from django.utils.decorators import method_decorator
 from django.utils.functional import cached_property
 from django.utils.html import format_html
 from django.utils.http import url_has_allowed_host_and_scheme
 from django.utils.timezone import now
 from django.utils.translation import gettext_lazy as _
 from django.views import View
+from django.views.decorators.cache import never_cache
 from django.views.generic import FormView, ListView, TemplateView, UpdateView
 from django_otp.plugins.otp_static.models import StaticDevice
 from django_otp.plugins.otp_totp.models import TOTPDevice
@@ -85,8 +87,9 @@ logger = logging.getLogger(__name__)
 
 
 class RecentAuthenticationRequiredMixin:
-    max_time = 3600
+    max_time = 900
 
+    @method_decorator(never_cache)
     def dispatch(self, request, *args, **kwargs):
         tdelta = time.time() - request.session.get('pretix_auth_login_time', 0)
         if tdelta > self.max_time:
@@ -289,16 +292,13 @@ class User2FAMainView(RecentAuthenticationRequiredMixin, TemplateView):
         ctx = super().get_context_data()
 
         try:
-            ctx['static_tokens'] = StaticDevice.objects.get(user=self.request.user, name='emergency').token_set.all()
+            ctx['static_tokens_device'] = StaticDevice.objects.get(user=self.request.user, name='emergency')
         except StaticDevice.MultipleObjectsReturned:
-            ctx['static_tokens'] = StaticDevice.objects.filter(
+            ctx['static_tokens_device'] = StaticDevice.objects.filter(
                 user=self.request.user, name='emergency'
-            ).first().token_set.all()
+            ).first()
         except StaticDevice.DoesNotExist:
-            d = StaticDevice.objects.create(user=self.request.user, name='emergency')
-            for i in range(10):
-                d.token_set.create(token=get_random_string(length=12, allowed_chars='1234567890'))
-            ctx['static_tokens'] = d.token_set.all()
+            ctx['static_tokens_device'] = None
 
         ctx['devices'] = []
         for dt in REAL_DEVICE_TYPES:
@@ -630,8 +630,14 @@ class User2FARegenerateEmergencyView(RecentAuthenticationRequiredMixin, Template
         ])
         self.request.user.update_session_token()
         update_session_auth_hash(self.request, self.request.user)
-        messages.success(request, _('Your emergency codes have been newly generated. Remember to store them in a safe '
-                                    'place in case you lose access to your devices.'))
+        messages.success(
+            request,
+            _('Your emergency codes have been newly generated. Remember to store them in a safe '
+              'place in case you lose access to your devices. You will not be able to view them '
+              'again here.\n\nYour emergency codes:\n{tokens}').format(
+                tokens='- ' + '\n- '.join(t.token for t in d.token_set.all())
+            )
+        )
         return redirect(reverse('control:user.settings.2fa'))
 
 

src/pretix/control/views/waitinglist.py

@@ -53,7 +53,7 @@ from pretix.base.models import Item, LogEntry, Quota, WaitingListEntry
 from pretix.base.models.waitinglist import WaitingListException
 from pretix.base.services.waitinglist import assign_automatically
 from pretix.base.views.tasks import AsyncAction
-from pretix.control.forms.waitinglist import WaitingListEntryTransferForm
+from pretix.control.forms.waitinglist import WaitingListEntryEditForm
 from pretix.control.permissions import EventPermissionRequiredMixin
 from pretix.control.views import PaginationMixin
 
@@ -138,6 +138,17 @@ class WaitingListQuerySetMixin:
         elif force_filtered and '__ALL' not in self.request_data:
             qs = qs.none()
 
+        if self.request_data.get("search", "") != "":
+            s = self.request_data.get("search", "")
+            search_q = Q(email__icontains=s)
+
+            if self.request.event.settings.waiting_list_names_asked:
+                search_q = search_q | Q(name_cached__icontains=s)
+            if self.request.event.settings.waiting_list_phones_asked:
+                search_q = search_q | Q(phone__icontains=s)
+
+            qs = qs.filter(search_q)
+
         return qs
 
 
@@ -238,7 +249,7 @@ class WaitingListView(EventPermissionRequiredMixin, WaitingListQuerySetMixin, Pa
     def get_context_data(self, **kwargs):
         ctx = super().get_context_data(**kwargs)
         ctx['items'] = Item.objects.filter(event=self.request.event)
-        ctx['filtered'] = ("status" in self.request.GET or "item" in self.request.GET)
+        ctx['filtered'] = any(param in self.request.GET for param in ("status", "item", "search"))
 
         itemvar_cache = {}
         quota_cache = {}
@@ -390,25 +401,20 @@ class EntryDelete(EventPermissionRequiredMixin, CompatDeleteView):
         })
 
 
-class EntryTransfer(EventPermissionRequiredMixin, UpdateView):
+class EntryEdit(EventPermissionRequiredMixin, UpdateView):
     model = WaitingListEntry
-    template_name = 'pretixcontrol/waitinglist/transfer.html'
+    template_name = 'pretixcontrol/waitinglist/edit.html'
     permission = 'can_change_orders'
-    form_class = WaitingListEntryTransferForm
+    form_class = WaitingListEntryEditForm
     context_object_name = 'entry'
 
-    def dispatch(self, request, *args, **kwargs):
-        if not self.request.event.has_subevents:
-            raise Http404(_("This is not an event series."))
-        return super().dispatch(request, *args, **kwargs)
-
     def get_object(self, queryset=None) -> WaitingListEntry:
         return get_object_or_404(WaitingListEntry, pk=self.kwargs['entry'], event=self.request.event, voucher__isnull=True)
 
     @transaction.atomic
     def form_valid(self, form):
-        messages.success(self.request, _('The waitinglist entry has been transferred.'))
         if form.has_changed():
+            messages.success(self.request, _('The waitinglist entry has been changed.'))
             self.object.log_action(
                 'pretix.event.orders.waitinglist.changed', user=self.request.user, data={
                     k: form.cleaned_data.get(k) for k in form.changed_data

src/pretix/helpers/format.py

@@ -22,6 +22,7 @@
 import logging
 from string import Formatter
 
+from django.core.exceptions import SuspiciousOperation
 from django.utils.html import conditional_escape
 
 logger = logging.getLogger(__name__)
@@ -37,6 +38,17 @@ class PlainHtmlAlternativeString:
         return f"PlainHtmlAlternativeString('{self.plain}', '{self.html}')"
 
 
+class FormattedString(str):
+    """
+    A str subclass that has been specifically marked as "already formatted" for email rendering
+    purposes to avoid duplicate formatting.
+    """
+    __slots__ = ()
+
+    def __str__(self):
+        return self
+
+
 class SafeFormatter(Formatter):
     """
     Customized version of ``str.format`` that (a) behaves just like ``str.format_map`` and
@@ -77,8 +89,19 @@ class SafeFormatter(Formatter):
         # Ignore format_spec
         return super().format_field(self._prepare_value(value), '')
 
+    def convert_field(self, value, conversion):
+        # Ignore any conversions
+        if conversion is None:
+            return value
+        else:
+            return str(value)
 
-def format_map(template, context, raise_on_missing=False, mode=SafeFormatter.MODE_RICH_TO_PLAIN, linkifier=None):
+
+def format_map(template, context, raise_on_missing=False, mode=SafeFormatter.MODE_RICH_TO_PLAIN, linkifier=None) -> FormattedString:
+    if isinstance(template, FormattedString):
+        raise SuspiciousOperation("Calling format_map() on an already formatted string is likely unsafe.")
     if not isinstance(template, str):
         template = str(template)
-    return SafeFormatter(context, raise_on_missing, mode=mode, linkifier=linkifier).format(template)
+    return FormattedString(
+        SafeFormatter(context, raise_on_missing, mode=mode, linkifier=linkifier).format(template)
+    )

src/pretix/locale/de/wordlist.txt

@@ -265,6 +265,7 @@ Objekt-IDs
 Offline-Scan
 OK
 Online-Banking
+Online-Banking-Nutzer
 Onlinebanking
 Onlinebanking-Zugangsdaten
 Open
@@ -539,6 +540,8 @@ WeChat-Zahlung
 Weiterleitungs-URIs
 Weiterleitungs-URL
 Weiterleitungs-URLs
+WERO
+WERO-App
 WhatsApp
 Widget
 Widget-Code

src/pretix/locale/de_Informal/wordlist.txt

@@ -265,6 +265,7 @@ Objekt-IDs
 Offline-Scan
 OK
 Online-Banking
+Online-Banking-Nutzer
 Onlinebanking
 Onlinebanking-Zugangsdaten
 Open
@@ -539,6 +540,8 @@ WeChat-Zahlung
 Weiterleitungs-URIs
 Weiterleitungs-URL
 Weiterleitungs-URLs
+WERO
+WERO-App
 WhatsApp
 Widget
 Widget-Code

src/pretix/locale/djangojs.pot

@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-01-26 13:20+0000\n"
+"POT-Creation-Date: 2026-02-24 11:50+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"

src/pretix/locale/ja/LC_MESSAGES/djangojs.po

@@ -8,8 +8,8 @@ msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2026-01-26 09:10+0000\n"
-"PO-Revision-Date: 2026-02-06 07:41+0000\n"
-"Last-Translator: Ryo Tagami <rtagami@airstrip.jp>\n"
+"PO-Revision-Date: 2026-02-23 10:00+0000\n"
+"Last-Translator: Hijiri Umemoto <hijiri@umemoto.org>\n"
 "Language-Team: Japanese <https://translate.pretix.eu/projects/pretix/pretix-"
 "js/ja/>\n"
 "Language: ja\n"
@@ -17,7 +17,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=1; plural=0;\n"
-"X-Generator: Weblate 5.15.2\n"
+"X-Generator: Weblate 5.16\n"
 
 #: pretix/plugins/banktransfer/static/pretixplugins/banktransfer/ui.js:56
 #: pretix/plugins/banktransfer/static/pretixplugins/banktransfer/ui.js:62
@@ -256,7 +256,7 @@ msgstr "承認保留中"
 
 #: pretix/plugins/webcheckin/static/pretixplugins/webcheckin/main.js:48
 msgid "Redeemed"
-msgstr "使用済"
+msgstr "引き換え済み"
 
 #: pretix/plugins/webcheckin/static/pretixplugins/webcheckin/main.js:49
 msgid "Cancel"
@@ -456,11 +456,11 @@ msgstr "="
 
 #: pretix/static/pretixcontrol/js/ui/checkinrules.js:99
 msgid "Product"
-msgstr "商品"
+msgstr "製品"
 
 #: pretix/static/pretixcontrol/js/ui/checkinrules.js:103
 msgid "Product variation"
-msgstr "商品バリエーション"
+msgstr "製品バリエーション"
 
 #: pretix/static/pretixcontrol/js/ui/checkinrules.js:107
 msgid "Gate"
@@ -726,8 +726,8 @@ msgid ""
 "The items in your cart are no longer reserved for you. You can still "
 "complete your order as long as they’re available."
 msgstr ""
-"カート内の商品の確保期限が切れました。在庫があれば、このまま注文を完了するこ"
-"とができます。"
+"カート内のアイテムの予約が解除されました。在庫がある限り、引き続き注文を完了"
+"できます。"
 
 #: pretix/static/pretixpresale/js/ui/cart.js:49
 msgid "Cart expired"

src/pretix/locale/nl/LC_MESSAGES/djangojs.po

@@ -7,7 +7,7 @@ msgstr ""
 "Project-Id-Version: 1\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2026-01-26 09:10+0000\n"
-"PO-Revision-Date: 2026-02-05 23:00+0000\n"
+"PO-Revision-Date: 2026-02-19 22:00+0000\n"
 "Last-Translator: Ruud Hendrickx <ruud@leckxicon.eu>\n"
 "Language-Team: Dutch <https://translate.pretix.eu/projects/pretix/pretix-js/"
 "nl/>\n"
@@ -16,7 +16,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
-"X-Generator: Weblate 5.15.2\n"
+"X-Generator: Weblate 5.16\n"
 
 #: pretix/plugins/banktransfer/static/pretixplugins/banktransfer/ui.js:56
 #: pretix/plugins/banktransfer/static/pretixplugins/banktransfer/ui.js:62
@@ -674,7 +674,7 @@ msgstr "Zoekopdracht"
 
 #: pretix/static/pretixcontrol/js/ui/main.js:461
 msgid "All"
-msgstr "Alle"
+msgstr "Allemaal"
 
 #: pretix/static/pretixcontrol/js/ui/main.js:462
 msgid "None"

src/pretix/locale/wordlist.txt

@@ -187,6 +187,7 @@ webhooks
 webserver
 Wechat
 WeChat
+WERO
 WhatsApp
 whitespace
 xlsx

src/pretix/plugins/banktransfer/templates/pretixplugins/banktransfer/pending.html

@@ -21,10 +21,10 @@
             <dt>{% trans "Reference code (important):" %}</dt><dd><b>{{ code }}</b></dd>
             <dt>{% trans "Amount:" %}</dt><dd>{{ amount|money:event.currency }}</dd>
             {% if settings.bank_details_type == "sepa" %}
-                <dt>{% trans "Account holder" %}:</dt><dd>{{ settings.bank_details_sepa_name }}</dt>
-                <dt>{% trans "IBAN" %}:</dt><dd>{{ settings.bank_details_sepa_iban|ibanformat }}</dt>
-                <dt>{% trans "BIC" %}:</dt><dd>{{ settings.bank_details_sepa_bic }}</dt>
-                <dt>{% trans "Bank" %}:</dt><dd>{{ settings.bank_details_sepa_bank }}</dt>
+                <dt>{% trans "Account holder" %}:</dt><dd>{{ settings.bank_details_sepa_name }}</dd>
+                <dt>{% trans "IBAN" %}:</dt><dd>{{ settings.bank_details_sepa_iban|ibanformat }}</dd>
+                <dt>{% trans "BIC" %}:</dt><dd>{{ settings.bank_details_sepa_bic }}</dd>
+                <dt>{% trans "Bank" %}:</dt><dd>{{ settings.bank_details_sepa_bank }}</dd>
             {% endif %}
         </dl>
         {% if details %}
@@ -38,4 +38,4 @@
     {% if payment_qr_codes %}
         {% include "pretixpresale/event/payment_qr_codes.html" %}
     {% endif %}
-</div>
+</div>

src/pretix/plugins/paypal2/payment.py

@@ -786,7 +786,12 @@ class PaypalMethod(BasePaymentProvider):
                 else:
                     pp_captured_order = response.result
 
-                for purchaseunit in pp_captured_order.purchase_units:
+            payment.refresh_from_db()
+
+            any_captures = False
+            all_captures_completed = True
+            for purchaseunit in pp_captured_order.purchase_units:
+                if hasattr(purchaseunit, 'payments'):
                     for capture in purchaseunit.payments.captures:
                         try:
                             ReferencedPayPalObject.objects.get_or_create(order=payment.order, payment=payment, reference=capture.id)
@@ -794,14 +799,16 @@ class PaypalMethod(BasePaymentProvider):
                             pass
 
                         if capture.status != 'COMPLETED':
-                            messages.warning(request, _('PayPal has not yet approved the payment. We will inform you as '
-                                                        'soon as the payment completed.'))
-                            payment.info = json.dumps(pp_captured_order.dict())
-                            payment.state = OrderPayment.PAYMENT_STATE_PENDING
-                            payment.save()
-                            return
-
-            payment.refresh_from_db()
+                            all_captures_completed = False
+                        else:
+                            any_captures = True
+            if not (any_captures and all_captures_completed):
+                messages.warning(request, _('PayPal has not yet approved the payment. We will inform you as '
+                                            'soon as the payment completed.'))
+                payment.info = json.dumps(pp_captured_order.dict())
+                payment.state = OrderPayment.PAYMENT_STATE_PENDING
+                payment.save()
+                return
 
             if pp_captured_order.status != 'COMPLETED':
                 payment.fail(info=pp_captured_order.dict())

src/pretix/plugins/stripe/payment.py

@@ -118,6 +118,7 @@ logger = logging.getLogger('pretix.plugins.stripe')
 # - UPI: ✗
 # - Netbanking: ✗
 # - TWINT: ✓
+# - Wero: ✓ (No settings UI yet)
 #
 # Bank transfers
 # - ACH Bank Transfer: ✗
@@ -509,6 +510,15 @@ class StripeSettingsHolder(BasePaymentProvider):
                                  'before they work properly.'),
                      required=False,
                  )),
+                # Disabled for now, since still in closed Beta and only available to dedicated boarded accounts.
+                # ('method_wero',
+                #  forms.BooleanField(
+                #     label=_('Wero'),
+                #      disabled=self.event.currency not in 'EUR',
+                #      help_text=_('Some payment methods might need to be enabled in the settings of your Stripe account '
+                #                  'before they work properly.'),
+                #      required=False,
+                #  )),
             ] + extra_fields + list(super().settings_form_fields.items()) + moto_settings
         )
         if not self.settings.connect_client_id or self.settings.secret_key:
@@ -1946,3 +1956,15 @@ class StripeMobilePay(StripeRedirectMethod):
                 "type": "mobilepay",
             },
         }
+
+
+class StripeWero(StripeRedirectMethod):
+    identifier = 'stripe_wero'
+    verbose_name = _('WERO via Stripe')
+    public_name = 'WERO'
+    method = 'wero'
+    confirmation_method = 'automatic'
+    explanation = _(
+        'This payment method is available to European online banking users, whose banking institutions support WERO '
+        'either through their native banking apps or through the WERO wallet app. Please have you app ready.'
+    )

src/pretix/plugins/stripe/signals.py

@@ -49,14 +49,14 @@ def register_payment_provider(sender, **kwargs):
         StripeMultibanco, StripePayByBank, StripePayPal, StripePromptPay,
         StripePrzelewy24, StripeRevolutPay, StripeSEPADirectDebit,
         StripeSettingsHolder, StripeSofort, StripeSwish, StripeTwint,
-        StripeWeChatPay,
+        StripeWeChatPay, StripeWero,
     )
 
     return [
         StripeSettingsHolder, StripeCC, StripeGiropay, StripeIdeal, StripeAlipay, StripeBancontact,
         StripeSofort, StripeEPS, StripeMultibanco, StripePayByBank, StripePrzelewy24, StripePromptPay, StripeRevolutPay,
         StripeWeChatPay, StripeSEPADirectDebit, StripeAffirm, StripeKlarna, StripePayPal, StripeSwish,
-        StripeTwint, StripeMobilePay
+        StripeTwint, StripeMobilePay, StripeWero
     ]
 
 

src/pretix/plugins/stripe/templates/pretixplugins/stripe/sca.html

@@ -9,7 +9,7 @@
     <script type="text/plain" id="stripe_payment_intent_action_type">{{ payment_intent_action_type }}</script>
     <script type="text/plain" id="stripe_payment_intent_client_secret">{{ payment_intent_client_secret }}</script>
     {% if payment_intent_next_action_redirect_url %}
-        <script type="text/plain" id="stripe_payment_intent_next_action_redirect_url">{{ payment_intent_next_action_redirect_url }}</script>
+        <script type="text/plain" id="stripe_payment_intent_next_action_redirect_url">{{ payment_intent_next_action_redirect_url|safe }}</script>
     {% endif %}
     {% if payment_intent_redirect_action_handling %}
         <script type="text/plain" id="stripe_payment_intent_redirect_action_handling">{{ payment_intent_redirect_action_handling }}</script>

src/pretix/presale/context.py

@@ -179,6 +179,7 @@ def _default_context(request):
     ctx['html_page_header'] = "".join(h for h in _html_page_header if h)
     ctx['footer'] = _footer
     ctx['site_url'] = settings.SITE_URL
+    ctx['request_get_items'] = request.GET.items()
 
     ctx['js_datetime_format'] = get_javascript_format_without_seconds('DATETIME_INPUT_FORMATS')
     ctx['js_date_format'] = get_javascript_format_without_seconds('DATE_INPUT_FORMATS')

src/pretix/presale/templates/pretixpresale/event/fragment_subevent_calendar.html

@@ -15,7 +15,7 @@
         </li>
         <li class="text-center">
             <form class="form-inline" method="get" id="monthselform" action="{% eventurl event "presale:event.index" cart_namespace=cart_namespace %}">
-                {% for f, v in request.GET.items %}
+                {% for f, v in request_get_items %}
                     {% if f != "date" %}
                         <input type="hidden" name="{{ f }}" value="{{ v }}">
                     {% endif %}

src/pretix/presale/templates/pretixpresale/event/fragment_subevent_calendar_week.html

@@ -15,7 +15,7 @@
         </li>
         <li class="text-center">
             <form class="form-inline" method="get" id="monthselform" action="{% eventurl event "presale:event.index" cart_namespace=cart_namespace %}">
-                {% for f, v in request.GET.items %}
+                {% for f, v in request_get_items %}
                     {% if f != "date" %}
                         <input type="hidden" name="{{ f }}" value="{{ v }}">
                     {% endif %}

src/pretix/presale/templates/pretixpresale/event/resend_link.html

@@ -1,14 +1,14 @@
 {% extends "pretixpresale/event/base.html" %}
 {% load i18n %}
 {% load bootstrap3 %}
-{% block title %}{% trans "Resend order links" %}{% endblock %}
+{% block title %}{% trans "Resend order link" %}{% endblock %}
 {% block custom_header %}
     {{ block.super }}
     <meta name="robots" content="noindex, nofollow">
 {% endblock %}
 {% block content %}
     <h2>
-        {% trans "Resend order links" %}
+        {% trans "Resend order link" %}
     </h2>
     <p>
         {% blocktrans trimmed %}

src/pretix/presale/templates/pretixpresale/fragment_event_list_filter.html

@@ -7,7 +7,7 @@
 {% if filter_form.fields %}
     <form class="event-list-filter-form" method="get" data-save-scrollpos>
         <input type="hidden" name="filtered" value="1">
-        {% for f, v in request.GET.items %}
+        {% for f, v in request_get_items %}
             {% if f not in filter_form.fields and f != "page" %}
                 <input type="hidden" name="{{ f }}" value="{{ v }}">
             {% endif %}