Remove back link from 404 error page (#23222967)

I've kept it for 400/403/500/csrffail for now, because they also have a
"try again" link. Yes, both things have browser buttons, but they make
it a *little* clearer to technical users what one could to next, and
especially on csrffail, "step back" is always possible and possibly actually
helpful.

doc/api/resources/orders.rst

@@ -1719,56 +1719,6 @@ List of all order positions
    :statuscode 401: Authentication failure
    :statuscode 403: The requested organizer/event does not exist **or** you have no permission to view this resource.
 
-.. http:get:: /api/v1/organizers/(organizer)/orderpositions/
-
-   Returns a list of all order positions within all events of a given organizer (with sufficient access permissions).
-
-   The supported query parameters and output format of this endpoint are almost identical to those of the list endpoint
-   within an event.
-   The only changes are that responses also contain the ``event`` attribute in each result and that the 'pdf_data'
-   parameter is not supported.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      GET /api/v1/organizers/bigevents/orderpositions/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-      X-Page-Generated: 2017-12-01T10:00:00Z
-
-      {
-        "count": 1,
-        "next": null,
-        "previous": null,
-        "results": [
-          {
-            "id:": 23442
-            "event": "sampleconf",
-            "order": "ABC12",
-            "positionid": 1,
-            "canceled": false,
-            "item": 1345,
-            ...
-          }
-        ]
-      }
-
-   :param organizer: The ``slug`` field of the organizer to fetch
-   :statuscode 200: no error
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer/event does not exist **or** you have no permission to view this resource.
-
-
-
 Fetching individual positions
 -----------------------------
 

pyproject.toml

@@ -77,7 +77,7 @@ dependencies = [
   "phonenumberslite==9.0.*",
   "Pillow==12.1.*",
   "pretix-plugin-build",
-  "protobuf==7.34.*",
+  "protobuf==6.33.*",
   "psycopg2-binary",
   "pycountry",
   "pycparser==3.0",
@@ -92,7 +92,7 @@ dependencies = [
   "redis==7.1.*",
   "reportlab==4.4.*",
   "requests==2.32.*",
-  "sentry-sdk==2.54.*",
+  "sentry-sdk==2.52.*",
   "sepaxml==2.7.*",
   "stripe==7.9.*",
   "text-unidecode==1.*",
@@ -110,10 +110,10 @@ dev = [
   "aiohttp==3.13.*",
   "coverage",
   "coveralls",
-  "fakeredis==2.34.*",
+  "fakeredis==2.33.*",
   "flake8==7.3.*",
   "freezegun",
-  "isort==8.0.*",
+  "isort==7.0.*",
   "pep8-naming==0.15.*",
   "potypo",
   "pytest-asyncio>=0.24",

src/pretix/__init__.py

@@ -19,4 +19,4 @@
 # You should have received a copy of the GNU Affero General Public License along with this program.  If not, see
 # <https://www.gnu.org/licenses/>.
 #
-__version__ = "2026.3.0.dev0"
+__version__ = "2026.2.0.dev0"

src/pretix/api/serializers/order.py

@@ -19,7 +19,6 @@
 # You should have received a copy of the GNU Affero General Public License along with this program.  If not, see
 # <https://www.gnu.org/licenses/>.
 #
-import json
 import logging
 import os
 from collections import Counter, defaultdict
@@ -637,14 +636,6 @@ class OrderPositionSerializer(I18nAwareModelSerializer):
         return entry
 
 
-class OrganizerOrderPositionSerializer(OrderPositionSerializer):
-    event = SlugRelatedField(slug_field='slug', read_only=True)
-
-    class Meta(OrderPositionSerializer.Meta):
-        fields = OrderPositionSerializer.Meta.fields + ('event',)
-        read_only_fields = OrderPositionSerializer.Meta.read_only_fields + ('event',)
-
-
 class RequireAttentionField(serializers.Field):
     def to_representation(self, instance: OrderPosition):
         return instance.require_checkin_attention
@@ -1224,18 +1215,6 @@ class OrderCreateSerializer(I18nAwareModelSerializer):
             raise ValidationError('The given payment provider is not known.')
         return pp
 
-    def validate_payment_info(self, info):
-        if info:
-            try:
-                obj = json.loads(info)
-            except ValueError:
-                raise ValidationError('payment_info must be valid JSON.')
-
-            if not isinstance(obj, dict):
-                # only objects are allowed
-                raise ValidationError('payment_info must be a JSON object.')
-        return info
-
     def validate_expires(self, expires):
         if expires < now():
             raise ValidationError('Expiration date must be in the future.')

src/pretix/api/serializers/organizer.py

@@ -365,10 +365,9 @@ class TeamInviteSerializer(serializers.ModelSerializer):
     def _send_invite(self, instance):
         mail(
             instance.email,
-            _('Account invitation'),
+            _('pretix account invitation'),
             'pretixcontrol/email/invitation.txt',
             {
-                'instance': settings.PRETIX_INSTANCE_NAME,
                 'user': self,
                 'organizer': self.context['organizer'].name,
                 'team': instance.team.name,

src/pretix/api/urls.py

@@ -67,7 +67,6 @@ orga_router.register(r'invoices', order.InvoiceViewSet)
 orga_router.register(r'scheduled_exports', exporters.ScheduledOrganizerExportViewSet)
 orga_router.register(r'exporters', exporters.OrganizerExportersViewSet, basename='exporters')
 orga_router.register(r'transactions', order.OrganizerTransactionViewSet)
-orga_router.register(r'orderpositions', order.OrganizerOrderPositionViewSet, basename='orderpositions')
 
 team_router = routers.DefaultRouter()
 team_router.register(r'members', organizer.TeamMemberViewSet)
@@ -84,7 +83,7 @@ event_router.register(r'discounts', discount.DiscountViewSet)
 event_router.register(r'quotas', item.QuotaViewSet)
 event_router.register(r'vouchers', voucher.VoucherViewSet)
 event_router.register(r'orders', order.EventOrderViewSet)
-event_router.register(r'orderpositions', order.EventOrderPositionViewSet)
+event_router.register(r'orderpositions', order.OrderPositionViewSet)
 event_router.register(r'transactions', order.TransactionViewSet)
 event_router.register(r'invoices', order.InvoiceViewSet)
 event_router.register(r'revokedsecrets', order.RevokedSecretViewSet, basename='revokedsecrets')

src/pretix/api/views/checkin.py

@@ -188,15 +188,11 @@ class CheckinListViewSet(viewsets.ModelViewSet):
         clist = self.get_object()
         if serializer.validated_data.get('nonce'):
             if kwargs.get('position'):
-                prev = kwargs['position'].all_checkins.filter(
-                    nonce=serializer.validated_data['nonce'],
-                    successful=False
-                ).first()
+                prev = kwargs['position'].all_checkins.filter(nonce=serializer.validated_data['nonce']).first()
             else:
                 prev = clist.checkins.filter(
                     nonce=serializer.validated_data['nonce'],
                     raw_barcode=serializer.validated_data['raw_barcode'],
-                    successful=False
                 ).first()
             if prev:
                 # Ignore because nonce is already handled

src/pretix/api/views/order.py

@@ -57,10 +57,9 @@ from pretix.api.serializers.order import (
     BlockedTicketSecretSerializer, InvoiceSerializer, OrderCreateSerializer,
     OrderPaymentCreateSerializer, OrderPaymentSerializer,
     OrderPositionSerializer, OrderRefundCreateSerializer,
-    OrderRefundSerializer, OrderSerializer, OrganizerOrderPositionSerializer,
-    OrganizerTransactionSerializer, PriceCalcSerializer, PrintLogSerializer,
-    RevokedTicketSecretSerializer, SimulatedOrderSerializer,
-    TransactionSerializer,
+    OrderRefundSerializer, OrderSerializer, OrganizerTransactionSerializer,
+    PriceCalcSerializer, PrintLogSerializer, RevokedTicketSecretSerializer,
+    SimulatedOrderSerializer, TransactionSerializer,
 )
 from pretix.api.serializers.orderchange import (
     BlockNameSerializer, OrderChangeOperationSerializer,
@@ -1066,7 +1065,8 @@ with scopes_disabled():
             }
 
 
-class OrderPositionViewSetMixin:
+class OrderPositionViewSet(viewsets.ModelViewSet):
+    serializer_class = OrderPositionSerializer
     queryset = OrderPosition.all.none()
     filter_backends = (DjangoFilterBackend, RichOrderingFilter)
     ordering = ('order__datetime', 'positionid')
@@ -1087,7 +1087,8 @@ class OrderPositionViewSetMixin:
 
     def get_serializer_context(self):
         ctx = super().get_serializer_context()
-        ctx['pdf_data'] = False
+        ctx['event'] = self.request.event
+        ctx['pdf_data'] = self.request.query_params.get('pdf_data', 'false').lower() == 'true'
         ctx['check_quotas'] = self.request.query_params.get('check_quotas', 'true').lower() == 'true'
         return ctx
 
@@ -1096,8 +1097,9 @@ class OrderPositionViewSetMixin:
             qs = OrderPosition.all
         else:
             qs = OrderPosition.objects
-        qs = qs.filter(order__event__organizer=self.request.organizer)
-        if self.request.query_params.get('pdf_data', 'false').lower() == 'true' and getattr(self.request, 'event', None):
+
+        qs = qs.filter(order__event=self.request.event)
+        if self.request.query_params.get('pdf_data', 'false').lower() == 'true':
             prefetch_related_objects([self.request.organizer], 'meta_properties')
             prefetch_related_objects(
                 [self.request.event],
@@ -1152,9 +1154,9 @@ class OrderPositionViewSetMixin:
             qs = qs.prefetch_related(
                 Prefetch('checkins', queryset=Checkin.objects.select_related("device")),
                 Prefetch('print_logs', queryset=PrintLog.objects.select_related('device')),
-                'answers', 'answers__options', 'answers__question', 'order__event', 'order__event__organizer'
+                'answers', 'answers__options', 'answers__question',
             ).select_related(
-                'item', 'order', 'seat'
+                'item', 'order', 'order__event', 'order__event__organizer', 'seat'
             )
         return qs
 
@@ -1166,45 +1168,6 @@ class OrderPositionViewSetMixin:
                 return prov
         raise NotFound('Unknown output provider.')
 
-
-class OrganizerOrderPositionViewSet(OrderPositionViewSetMixin, viewsets.ReadOnlyModelViewSet):
-    serializer_class = OrganizerOrderPositionSerializer
-
-    def get_queryset(self):
-        qs = super().get_queryset()
-
-        perm = self.permission if self.request.method in SAFE_METHODS else self.write_permission
-
-        if isinstance(self.request.auth, (TeamAPIToken, Device)):
-            auth_obj = self.request.auth
-        elif self.request.user.is_authenticated:
-            auth_obj = self.request.user
-        else:
-            raise PermissionDenied("Unknown authentication scheme")
-
-        qs = qs.filter(
-            order__event__in=auth_obj.get_events_with_permission(perm, request=self.request).filter(
-                organizer=self.request.organizer
-            )
-        )
-
-        return qs
-
-
-class EventOrderPositionViewSet(OrderPositionViewSetMixin, viewsets.ModelViewSet):
-    serializer_class = OrderPositionSerializer
-
-    def get_serializer_context(self):
-        ctx = super().get_serializer_context()
-        ctx['event'] = self.request.event
-        ctx['pdf_data'] = self.request.query_params.get('pdf_data', 'false').lower() == 'true'
-        return ctx
-
-    def get_queryset(self):
-        qs = super().get_queryset()
-        qs = qs.filter(order__event=self.request.event)
-        return qs
-
     @action(detail=True, methods=['POST'], url_name='price_calc')
     def price_calc(self, request, *args, **kwargs):
         """

src/pretix/api/views/organizer.py

@@ -259,14 +259,7 @@ class GiftCardViewSet(viewsets.ModelViewSet):
             action='pretix.giftcards.transaction.manual',
             user=self.request.user,
             auth=self.request.auth,
-            data=merge_dicts(
-                self.request.data,
-                {
-                    'id': inst.pk,
-                    'acceptor_id': self.request.organizer.id,
-                    'acceptor_slug': self.request.organizer.slug
-                }
-            )
+            data=merge_dicts(self.request.data, {'id': inst.pk, 'acceptor_id': self.request.organizer.id})
         )
 
     @transaction.atomic()
@@ -297,11 +290,7 @@ class GiftCardViewSet(viewsets.ModelViewSet):
                 action='pretix.giftcards.transaction.manual',
                 user=self.request.user,
                 auth=self.request.auth,
-                data={
-                    'value': diff,
-                    'acceptor_id': self.request.organizer.id,
-                    'acceptor_slug': self.request.organizer.slug
-                }
+                data={'value': diff, 'acceptor_id': self.request.organizer.id}
             )
 
         return inst
@@ -331,8 +320,7 @@ class GiftCardViewSet(viewsets.ModelViewSet):
             data={
                 'value': value,
                 'text': text,
-                'acceptor_id': self.request.organizer.id,
-                'acceptor_slug': self.request.organizer.slug
+                'acceptor_id': self.request.organizer.id
             }
         )
         return Response(GiftCardSerializer(gc, context=self.get_serializer_context()).data, status=status.HTTP_200_OK)

src/pretix/api/webhooks.py

@@ -183,7 +183,6 @@ class ParametrizedGiftcardWebhookEvent(ParametrizedWebhookEvent):
         return {
             'notification_id': logentry.pk,
             'issuer_id': logentry.organizer_id,
-            'issuer_slug': logentry.organizer.slug,
             'giftcard': giftcard.pk,
             'action': logentry.action_type,
         }
@@ -198,9 +197,7 @@ class ParametrizedGiftcardTransactionWebhookEvent(ParametrizedWebhookEvent):
         return {
             'notification_id': logentry.pk,
             'issuer_id': logentry.organizer_id,
-            'issuer_slug': logentry.organizer.slug,
             'acceptor_id': logentry.parsed_data.get('acceptor_id'),
-            'acceptor_slug': logentry.parsed_data.get('acceptor_slug'),
             'giftcard': giftcard.pk,
             'action': logentry.action_type,
         }
@@ -475,7 +472,7 @@ def register_default_webhook_events(sender, **kwargs):
         ),
         ParametrizedGiftcardTransactionWebhookEvent(
             'pretix.giftcards.transaction.*',
-            _('Gift card used in transaction'),
+            _('Gift card used in transcation'),
         )
     )
 

src/pretix/base/datasync/datasync.py

@@ -216,10 +216,7 @@ class OutboundSyncProvider:
 
             try:
                 mapped_objects = self.sync_order(sq.order)
-                actions_taken = [res and res.sync_info.get("action", "") for res_list in mapped_objects.values() for res in res_list]
-                should_write_logentry = any(action not in (None, "nothing_to_do") for action in actions_taken)
-                logger.info('Synced order %s to %s, actions: %r, log: %r', sq.order.code, sq.sync_provider, actions_taken, should_write_logentry)
-                if should_write_logentry:
+                if not all(all(not res or res.sync_info.get("action", "") == "nothing_to_do" for res in res_list) for res_list in mapped_objects.values()):
                     sq.order.log_action("pretix.event.order.data_sync.success", {
                         "provider": self.identifier,
                         "objects": {
@@ -240,7 +237,7 @@ class OutboundSyncProvider:
                     sq.set_sync_error("exceeded", e.messages, e.full_message)
                 else:
                     logger.info(
-                        f"Could not sync order {sq.order.code} to {sq.sync_provider} "
+                        f"Could not sync order {sq.order.code} to {type(self).__name__} "
                         f"(transient error, attempt #{sq.failed_attempts}, next {sq.not_before})",
                         exc_info=True,
                     )

src/pretix/base/exporters/orderlist.py

@@ -651,7 +651,6 @@ class OrderListExporter(MultiSheetListExporter):
             pgettext('address', 'State'),
             _('Voucher'),
             _('Voucher budget usage'),
-            _('Voucher tag'),
             _('Pseudonymization ID'),
             _('Ticket secret'),
             _('Seat ID'),
@@ -770,7 +769,6 @@ class OrderListExporter(MultiSheetListExporter):
                     op.state_for_address or '',
                     op.voucher.code if op.voucher else '',
                     op.voucher_budget_use if op.voucher_budget_use else '',
-                    op.voucher.tag if op.voucher else '',
                     op.pseudonymization_id,
                     op.secret,
                 ]

src/pretix/base/forms/widgets.py

@@ -42,8 +42,6 @@ from django.utils.html import escape
 from django.utils.timezone import get_current_timezone, now
 from django.utils.translation import gettext_lazy as _
 
-from pretix.helpers.format import PlainHtmlAlternativeString
-
 
 def replace_arabic_numbers(inp):
     if not isinstance(inp, str):
@@ -63,18 +61,11 @@ def replace_arabic_numbers(inp):
     return inp.translate(table)
 
 
-def format_placeholder_help_text(placeholder_name, sample_value):
-    if isinstance(sample_value, PlainHtmlAlternativeString):
-        sample_value = sample_value.plain
-    title = (_("Sample: %s") % sample_value) if sample_value else ""
-    return ('<button type="button" class="content-placeholder" title="%s">{%s}</button>' % (escape(title), escape(placeholder_name)))
-
-
 def format_placeholders_help_text(placeholders, event=None):
     placeholders = [(k, v.render_sample(event) if event else v) for k, v in placeholders.items()]
     placeholders.sort(key=lambda x: x[0])
     phs = [
-        format_placeholder_help_text(k, v)
+        '<button type="button" class="content-placeholder" title="%s">{%s}</button>' % (escape(_("Sample: %s") % v) if v else "", escape(k))
         for k, v in placeholders
     ]
     return _('Available placeholders: {list}').format(

src/pretix/base/invoicing/pdf.py

@@ -148,10 +148,6 @@ class NumberedCanvas(Canvas):
         self.restoreState()
 
 
-class InvoiceNotReadyException(Exception):
-    pass
-
-
 class BaseInvoiceRenderer:
     """
     This is the base class for all invoice renderers.

src/pretix/base/modelimport_vouchers.py

@@ -132,7 +132,7 @@ class AllowIgnoreQuotaColumn(BooleanColumnMixin, ImportColumn):
 
 class PriceModeColumn(ImportColumn):
     identifier = 'price_mode'
-    verbose_name = gettext_lazy('Price effect')
+    verbose_name = gettext_lazy('Price mode')
     default_value = None
     initial = 'static:none'
 
@@ -147,7 +147,7 @@ class PriceModeColumn(ImportColumn):
         elif value in reverse:
             return reverse[value]
         else:
-            raise ValidationError(_("Could not parse {value} as a price effect, use one of {options}.").format(
+            raise ValidationError(_("Could not parse {value} as a price mode, use one of {options}.").format(
                 value=value, options=', '.join(d.keys())
             ))
 
@@ -162,7 +162,7 @@ class ValueColumn(DecimalColumnMixin, ImportColumn):
     def clean(self, value, previous_values):
         value = super().clean(value, previous_values)
         if value and previous_values.get("price_mode") == "none":
-            raise ValidationError(_("It is pointless to set a value without a price effect."))
+            raise ValidationError(_("It is pointless to set a value without a price mode."))
         return value
 
     def assign(self, value, obj: Voucher, **kwargs):

src/pretix/base/models/auth.py

@@ -346,8 +346,7 @@ class User(AbstractBaseUser, PermissionsMixin, LoggingMixin):
             {
                 'user': self,
                 'messages': msg,
-                'url': build_absolute_uri('control:user.settings'),
-                'instance': settings.PRETIX_INSTANCE_NAME,
+                'url': build_absolute_uri('control:user.settings')
             },
             event=None,
             user=self,
@@ -392,7 +391,6 @@ class User(AbstractBaseUser, PermissionsMixin, LoggingMixin):
                 'user': self,
                 'reason': msg,
                 'code': code,
-                'instance': settings.PRETIX_INSTANCE_NAME,
             },
             event=None,
             user=self,
@@ -432,7 +430,6 @@ class User(AbstractBaseUser, PermissionsMixin, LoggingMixin):
         mail(
             self.email, _('Password recovery'), 'pretixcontrol/email/forgot.txt',
             {
-                'instance': settings.PRETIX_INSTANCE_NAME,
                 'user': self,
                 'url': (build_absolute_uri('control:auth.forgot.recover')
                         + '?id=%d&token=%s' % (self.id, default_token_generator.make_token(self)))

src/pretix/base/models/datasync.py

@@ -86,7 +86,7 @@ class OrderSyncQueue(models.Model):
 
     def set_sync_error(self, failure_mode, messages, full_message):
         logger.exception(
-            f"Could not sync order {self.order.code} to {self.sync_provider} ({failure_mode})"
+            f"Could not sync order {self.order.code} to {type(self).__name__} ({failure_mode})"
         )
         self.order.log_action(f"pretix.event.order.data_sync.failed.{failure_mode}", {
             "provider": self.sync_provider,

src/pretix/base/models/vouchers.py

@@ -239,7 +239,7 @@ class Voucher(LoggedModel):
         )
     )
     price_mode = models.CharField(
-        verbose_name=_("Price effect"),
+        verbose_name=_("Price mode"),
         max_length=100,
         choices=PRICE_MODES,
         default='none'

src/pretix/base/models/waitinglist.py

@@ -181,11 +181,10 @@ class WaitingListEntry(LoggedModel):
                 block_quota=True,
                 item_id=self.item_id,
                 subevent_id=self.subevent_id,
-                waitinglistentries__isnull=False,
-                seat__isnull=True
+                waitinglistentries__isnull=False
             ).aggregate(free=Sum(F('max_usages') - F('redeemed')))['free'] or 0
             free_seats = num_free_seats_for_product - num_valid_vouchers_for_product
-            if free_seats < 1:
+            if not free_seats:
                 raise WaitingListException(_('No seat with this product is currently available.'))
 
         if '@' not in self.email:

src/pretix/base/payment.py

@@ -1650,8 +1650,7 @@ class GiftCardPayment(BasePaymentProvider):
                     action='pretix.giftcards.transaction.payment',
                     data={
                         'value': trans.value,
-                        'acceptor_id': self.event.organizer.id,
-                        'acceptor_slug': self.event.organizer.slug
+                        'acceptor_id': self.event.organizer.id
                     }
                 )
         except PaymentException as e:
@@ -1683,7 +1682,6 @@ class GiftCardPayment(BasePaymentProvider):
             data={
                 'value': refund.amount,
                 'acceptor_id': self.event.organizer.id,
-                'acceptor_slug': self.event.organizer.slug,
                 'text': refund.comment,
             }
         )

src/pretix/base/services/invoices.py

@@ -51,7 +51,6 @@ from django_scopes import scope, scopes_disabled
 from i18nfield.strings import LazyI18nString
 
 from pretix.base.i18n import language
-from pretix.base.invoicing.pdf import InvoiceNotReadyException
 from pretix.base.invoicing.transmission import (
     get_transmission_types, transmission_providers,
 )
@@ -505,7 +504,7 @@ def generate_invoice(order: Order, trigger_pdf=True):
     return invoice
 
 
-@app.task(base=TransactionAwareTask, throws=(InvoiceNotReadyException,))
+@app.task(base=TransactionAwareTask)
 def invoice_pdf_task(invoice: int):
     with scopes_disabled():
         i = Invoice.objects.get(pk=invoice)

src/pretix/base/services/mail.py

@@ -389,7 +389,7 @@ def mail_send_task(self, **kwargs) -> bool:
         # mail_send_task(self, *, outgoing_mail)
         with scopes_disabled():
             mail_send(**kwargs)
-        return False
+        return
     else:
         raise ValueError("Unknown arguments")
 
@@ -409,18 +409,6 @@ def mail_send_task(self, **kwargs) -> bool:
         outgoing_mail.inflight_since = now()
         outgoing_mail.save(update_fields=["status", "inflight_since"])
 
-    # Performance optimization, saves database queries later on if we resolve the known relationships
-    if outgoing_mail.event_id:
-        assert outgoing_mail.event.organizer_id == outgoing_mail.organizer.pk
-        outgoing_mail.event.organizer = outgoing_mail.organizer
-    if outgoing_mail.order_id:
-        assert outgoing_mail.order.event_id == outgoing_mail.event_id
-        outgoing_mail.order.event = outgoing_mail.event
-        outgoing_mail.order.organizer = outgoing_mail.organizer
-    if outgoing_mail.orderposition_id:
-        assert outgoing_mail.orderposition.order_id == outgoing_mail.order_id
-        outgoing_mail.orderposition.order = outgoing_mail.order
-
     headers = dict(outgoing_mail.headers)
     headers.setdefault('X-PX-Correlation', str(outgoing_mail.guid))
     email = CustomEmail(
@@ -455,24 +443,15 @@ def mail_send_task(self, **kwargs) -> bool:
                         content = ct.file.read()
                         args.append((name, content, ct.type))
                         attach_size += len(content)
-                    except Exception as e:
+                    except Exception:
                         # This sometimes fails e.g. with FileNotFoundError. We haven't been able to figure out
                         # why (probably some race condition with ticket cache invalidation?), so retry later.
                         try:
-                            logger.exception(f'Could not attach tickets to email {outgoing_mail.guid}, will retry')
-                            retry_after = 60
-                            outgoing_mail.error = "Tickets not ready"
-                            outgoing_mail.error_detail = str(e)
-                            outgoing_mail.sent = now()
-                            outgoing_mail.status = OutgoingMail.STATUS_AWAITING_RETRY
-                            outgoing_mail.retry_after = now() + timedelta(seconds=retry_after)
-                            outgoing_mail.save(update_fields=["status", "error", "error_detail", "sent", "retry_after",
-                                                              "actual_attachments"])
-                            self.retry(max_retries=5, countdown=retry_after)
+                            self.retry(max_retries=5, countdown=60)
                         except MaxRetriesExceededError:
                             # Well then, something is really wrong, let's send it without attachment before we
                             # don't send at all
-                            logger.exception(f'Too many retries attaching tickets to email {outgoing_mail.guid}, skip attachment')
+                            logger.exception(f'Could not attach tickets to email {outgoing_mail.guid}')
                             pass
 
                 if attach_size * 1.37 < settings.FILE_UPLOAD_MAX_SIZE_EMAIL_ATTACHMENT - 1024 * 1024:

src/pretix/base/services/orders.py

@@ -253,8 +253,7 @@ def reactivate_order(order: Order, force: bool=False, user: User=None, auth=None
                         auth=auth,
                         data={
                             'value': position.price,
-                            'acceptor_id': order.event.organizer.id,
-                            'acceptor_slug': order.event.organizer.slug
+                            'acceptor_id': order.event.organizer.id
                         }
                     )
                     break
@@ -564,7 +563,6 @@ def _cancel_order(order, user=None, send_mail: bool=True, api_token=None, device
                         data={
                             'value': -position.price,
                             'acceptor_id': order.event.organizer.id,
-                            'acceptor_slug': order.event.organizer.slug
                         }
                     )
 
@@ -2459,8 +2457,7 @@ class OrderChangeManager:
                             auth=self.auth,
                             data={
                                 'value': -position.price,
-                                'acceptor_id': self.order.event.organizer.id,
-                                'acceptor_slug': self.order.event.organizer.slug
+                                'acceptor_id': self.order.event.organizer.id
                             }
                         )
 
@@ -2486,8 +2483,7 @@ class OrderChangeManager:
                                 auth=self.auth,
                                 data={
                                     'value': -opa.position.price,
-                                    'acceptor_id': self.order.event.organizer.id,
-                                    'acceptor_slug': self.order.event.organizer.slug
+                                    'acceptor_id': self.order.event.organizer.id
                                 }
                             )
 
@@ -3457,7 +3453,6 @@ def signal_listener_issue_giftcards(sender: Event, order: Order, **kwargs):
                     data={
                         'value': trans.value,
                         'acceptor_id': order.event.organizer.id,
-                        'acceptor_slug': order.event.organizer.slug
                     }
                 )
                 any_giftcards = True

src/pretix/base/services/placeholders.py

@@ -24,7 +24,6 @@ import logging
 from datetime import timedelta
 from decimal import Decimal
 
-from django.db.models import Prefetch, prefetch_related_objects
 from django.dispatch import receiver
 from django.utils.formats import date_format
 from django.utils.html import escape, mark_safe
@@ -36,7 +35,6 @@ from pretix.base.forms.widgets import format_placeholders_help_text
 from pretix.base.i18n import (
     LazyCurrencyNumber, LazyDate, LazyExpiresDate, LazyNumber,
 )
-from pretix.base.models import EventMetaValue
 from pretix.base.reldate import RelativeDateWrapper
 from pretix.base.settings import PERSON_NAME_SCHEMES, get_name_parts_localized
 from pretix.base.signals import (
@@ -754,11 +752,6 @@ def base_placeholders(sender, **kwargs):
             name_scheme['sample'][f]
         ))
 
-    prefetch_related_objects(
-        [sender],
-        Prefetch('meta_values', queryset=EventMetaValue.objects.select_related("property"), to_attr="meta_values_cached")
-    )
-    prefetch_related_objects([sender.organizer], Prefetch('meta_properties'))
     for k, v in sender.meta_data.items():
         ph.append(MarkdownTextPlaceholder(
             'meta_%s' % k, ['event'], lambda event, k=k: event.meta_data[k],

src/pretix/base/services/shredder.py

@@ -176,7 +176,6 @@ def shred(self, event: Event, fileid: str, confirm_code: str, user: int=None, lo
                 _('Data shredding completed'),
                 'pretixbase/email/shred_completed.txt',
                 {
-                    'instance': settings.PRETIX_INSTANCE_NAME,
                     'user': user,
                     'organizer': event.organizer.name,
                     'event': str(event.name),

src/pretix/base/templates/pretixbase/email/shred_completed.txt

@@ -13,5 +13,5 @@ Start time: {{ start_time }} (new data added after this time might not have been
 
 Best regards,
 
-Your {{ instance }} team
+Your pretix team
 {% endblocktrans %}

src/pretix/base/templatetags/anonymize_email.py

@@ -1,34 +0,0 @@
-#
-# This file is part of pretix (Community Edition).
-#
-# Copyright (C) 2014-2020  Raphael Michel and contributors
-# Copyright (C) 2020-today pretix GmbH and contributors
-#
-# This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General
-# Public License as published by the Free Software Foundation in version 3 of the License.
-#
-# ADDITIONAL TERMS APPLY: Pursuant to Section 7 of the GNU Affero General Public License, additional terms are
-# applicable granting you additional permissions and placing additional restrictions on your usage of this software.
-# Please refer to the pretix LICENSE file to obtain the full terms applicable to this work. If you did not receive
-# this file, see <https://pretix.eu/about/en/license>.
-#
-# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
-# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
-# details.
-#
-# You should have received a copy of the GNU Affero General Public License along with this program.  If not, see
-# <https://www.gnu.org/licenses/>.
-#
-from django import template
-from django.utils.html import mark_safe
-
-register = template.Library()
-
-
-@register.filter("anon_email")
-def anon_email(value):
-    """Replaces @ with [at] and . with [dot] for anonymization."""
-    if not isinstance(value, str):
-        return value
-    value = value.replace("@", "[at]").replace(".", "[dot]")
-    return mark_safe(''.join(['&#{0};'.format(ord(char)) for char in value]))

src/pretix/base/timeframes.py

@@ -423,7 +423,7 @@ def resolve_timeframe_to_dates_inclusive(ref_dt, frame, timezone) -> Tuple[Optio
     raise ValueError(f"Invalid timeframe '{frame}'")
 
 
-def resolve_timeframe_to_datetime_start_inclusive_end_exclusive(ref_dt, frame, timezone) -> Tuple[Optional[datetime], Optional[datetime]]:
+def resolve_timeframe_to_datetime_start_inclusive_end_exclusive(ref_dt, frame, timezone) -> Tuple[Optional[date], Optional[date]]:
     """
     Given a serialized timeframe, evaluate it relative to `ref_dt` and return a tuple of datetimes
     where the first element ist the first possible datetime within the timeframe and the second

src/pretix/control/forms/waitinglist.py

@@ -19,44 +19,17 @@
 # You should have received a copy of the GNU Affero General Public License along with this program.  If not, see
 # <https://www.gnu.org/licenses/>.
 #
-from django import forms
 from django.urls import reverse
-from django.utils.translation import gettext_lazy as _
 from django_scopes.forms import SafeModelChoiceField
-from phonenumber_field.formfields import PhoneNumberField
 
 from pretix.base.forms import I18nModelForm
-from pretix.base.forms.questions import (
-    NamePartsFormField, WrappedPhoneNumberPrefixWidget,
-)
 from pretix.base.models import WaitingListEntry
 from pretix.control.forms.widgets import Select2
 
 
-class WaitingListEntryEditForm(I18nModelForm):
-    itemvar = forms.ChoiceField(
-        error_messages={
-            'invalid_choice': _("Select a valid choice.")
-        }
-    )
+class WaitingListEntryTransferForm(I18nModelForm):
 
     def __init__(self, *args, **kwargs):
-        self.instance = kwargs.get('instance', None)
-        initial = kwargs.get('initial', {})
-
-        choices = []
-        if self.instance and self.instance.pk and 'itemvar' not in initial:
-            if self.instance.variation is not None:
-                initial['itemvar'] = f'{self.instance.item.pk}-{self.instance.variation.pk}'
-                if self.instance.variation.active is False:
-                    choices.append((initial['itemvar'], str(self.instance.variation)))
-            else:
-                initial['itemvar'] = self.instance.item.pk
-                if self.instance.item.active is False:
-                    choices.append((initial['itemvar'], str(self.instance)))
-
-        kwargs['initial'] = initial
-
         super().__init__(*args, **kwargs)
 
         if self.event.has_subevents:
@@ -72,73 +45,12 @@ class WaitingListEntryEditForm(I18nModelForm):
                 }
             )
             self.fields['subevent'].widget.choices = self.fields['subevent'].choices
-        else:
-            del self.fields['subevent']
-
-        if self.event.settings.waiting_list_names_asked:
-            self.fields['name_parts'] = NamePartsFormField(
-                max_length=255,
-                required=self.event.settings.waiting_list_names_required,
-                scheme=self.event.organizer.settings.name_scheme,
-                titles=self.event.organizer.settings.name_scheme_titles,
-                label=_('Name'),
-            )
-        else:
-            del self.fields['name_parts']
-
-        if not self.event.settings.waiting_list_phones_asked:
-            del self.fields['phone']
-
-        items = self.event.items.filter(active=True).prefetch_related(
-            'variations'
-        )
-
-        for item in items:
-            if len(item.variations.all()) > 0:
-                for variation in item.variations.all():
-                    if variation.active:
-                        choices.append(
-                            ('{}-{}'.format(item.pk, variation.pk), '{} - {}'.format(str(item), str(variation)))
-                        )
-            else:
-                choices.append(('{}'.format(item.pk), str(item)))
-
-        self.fields['itemvar'].label = _("Product")
-        self.fields['itemvar'].help_text = _("Only includes active products.")
-        self.fields['itemvar'].required = True
-        self.fields['itemvar'].choices = choices
-
-    def clean(self):
-        cleaned_data = super().clean()
-
-        if self.instance.voucher is not None:
-            raise forms.ValidationError(_('A voucher for this waiting list entry was already sent out.'))
-
-        itemvar = cleaned_data.get('itemvar')
-        if itemvar:
-            self.instance.item = self.event.items.get(pk=itemvar.split('-')[0])
-            if '-' in itemvar:
-                self.instance.variation = self.instance.item.variations.get(pk=itemvar.split('-')[1])
-
-        if ((self.instance.item and not self.instance.item.active) or
-                (self.instance.variation and not self.instance.variation.active)):
-            self.add_error('itemvar', _('The selected product is not active.'))
-
-        return cleaned_data
 
     class Meta:
         model = WaitingListEntry
         fields = [
-            'email',
-            'name_parts',
-            'phone',
             'subevent',
         ]
         field_classes = {
             'subevent': SafeModelChoiceField,
-            'email': forms.EmailField,
-            'phone': PhoneNumberField,
-        }
-        widgets = {
-            'phone': WrappedPhoneNumberPrefixWidget,
         }

src/pretix/control/logdisplay.py

@@ -518,7 +518,6 @@ def pretixcontrol_orderposition_blocked_display(sender: Event, orderposition, bl
         'The order requires approval before it can continue to be processed.'),
     'pretix.event.order.approved': _('The order has been approved.'),
     'pretix.event.order.denied': _('The order has been denied (comment: "{comment}").'),
-    'pretix.event.order.vatid.validated': _('The customer VAT ID has been verified.'),
     'pretix.event.order.contact.changed': _('The email address has been changed from "{old_email}" '
                                             'to "{new_email}".'),
     'pretix.event.order.contact.confirmed': _(

src/pretix/control/templates/pretixcontrol/auth/login.html

@@ -19,14 +19,6 @@
             </ul>
             <br>
         {% endif %}
-        {% if possible_cookie_problem %}
-            <div class="alert alert-warning">
-                {% blocktrans trimmed %}
-                    It looks like your browser is not accepting our cookie and you need to log in repeatedly. Please
-                    check if your browser is set to block cookies, or delete all existing cookies and retry.
-                {% endblocktrans %}
-            </div>
-        {% endif %}
         {% csrf_token %}
         {% bootstrap_form form %}
         <div class="form-group buttons">

src/pretix/control/templates/pretixcontrol/email/confirmation_code.txt

@@ -9,5 +9,5 @@ Please do never give this code to another person. Our support team will never as
 If this code was not requested by you, please contact us immediately.
 
 Best regards,
-Your {{ instance }} team
+Your pretix team
 {% endblocktrans %}

src/pretix/control/templates/pretixcontrol/email/forgot.txt

@@ -5,5 +5,5 @@ you requested a new password. Please go to the following page to reset your pass
 {{ url }}
 
 Best regards,  
-Your {{ instance }} team
-{% endblocktrans %}
+Your pretix team
+{% endblocktrans %}

src/pretix/control/templates/pretixcontrol/email/invitation.txt

@@ -1,6 +1,6 @@
 {% load i18n %}{% blocktrans with url=url|safe %}Hello,
 
-you have been invited to a team on {{ instance }}, a platform to perform event
+you have been invited to a team on pretix, a platform to perform event
 ticket sales.
 
 Organizer: {{ organizer }}
@@ -13,5 +13,5 @@ If you do not want to join, you can safely ignore or delete this email.
 
 Best regards,  
 
-Your {{ instance }} team
+Your pretix team
 {% endblocktrans %}

src/pretix/control/templates/pretixcontrol/email/security_notice.txt

@@ -1,6 +1,6 @@
 {% load i18n %}{% blocktrans with url=url|safe messages=messages|safe %}Hello,
 
-this is to inform you that the account information of your {{ instance }} account has been
+this is to inform you that the account information of your pretix account has been
 changed. In particular, the following changes have been performed:
 
 {{ messages }}
@@ -12,5 +12,5 @@ You can review and change your account settings here:
 {{ url }}
 
 Best regards,  
-Your {{ instance }} team
+Your pretix team
 {% endblocktrans %}

src/pretix/control/templates/pretixcontrol/user/2fa_main.html

@@ -144,23 +144,14 @@
         </div>
         <div class="panel-body">
             <p>
-                {% blocktrans trimmed %}
-                    If you lose access to your devices, you can use one of your emergency tokens to log in.
-                    We recommend to store them in a safe place, e.g. printed out or in a password manager.
-                    Every token can be used at most once.
-                {% endblocktrans %}
+                {% trans "If you lose access to your devices, you can use one of the following keys to log in. We recommend to store them in a safe place, e.g. printed out or in a password manager. Every token can be used at most once." %}
             </p>
-            {% if static_tokens_device %}
-                <p>
-                    {% blocktrans trimmed with generation_date_time=static_tokens_device.created_at %}
-                        You generated your emergency tokens on {{ generation_date_time }}.
-                    {% endblocktrans %}
-                </p>
-            {% else %}
-                <p>
-                    {% trans "You don't have any emergency tokens yet." %}
-                </p>
-            {% endif %}
+            <p>{% trans "Unused tokens:" %}</p>
+            <ul>
+                {% for t in static_tokens %}
+                    <li><code>{{ t.token }}</code></li>
+                {% endfor %}
+            </ul>
             <a href="{% url "control:user.settings.2fa.regenemergency" %}" class="btn btn-default">
                 <span class="fa fa-refresh"></span>
                 {% trans "Generate new emergency tokens" %}

src/pretix/control/templates/pretixcontrol/waitinglist/edit.html

@@ -1,33 +0,0 @@
-{% extends "pretixcontrol/event/base.html" %}
-{% load i18n %}
-{% load bootstrap3 %}
-{% block title %}{% trans "Edit entry" %}{% endblock %}
-{% block content %}
-    <h1>{% trans "Edit entry" %}</h1>
-    <form action="" method="post" class="form-horizontal">
-        {% csrf_token %}
-
-        {% if form.subevent %}
-            {% bootstrap_field form.subevent layout="control" %}
-        {% endif %}
-
-        {% bootstrap_field form.email layout="control" %}
-
-        {% if form.name_parts %}
-            {% bootstrap_field form.name_parts layout="control" %}
-        {% endif %}
-
-        {% if form.phone %}
-            {% bootstrap_field form.phone layout="control" %}
-        {% endif %}
-        {% bootstrap_field form.itemvar layout="control" %}
-        <div class="form-group submit-group">
-            <a href="{% url "control:event.orders.waitinglist" organizer=request.event.organizer.slug event=request.event.slug %}" class="btn btn-default btn-cancel">
-                {% trans "Cancel" %}
-            </a>
-            <button type="submit" class="btn btn-primary btn-save">
-                {% trans "Save" %}
-            </button>
-        </div>
-    </form>
-{% endblock %}

src/pretix/control/templates/pretixcontrol/waitinglist/index.html

@@ -124,7 +124,6 @@
                 </option>
             {% endfor %}
         </select>
-        <input name="search" type="text" placeholder="{% trans "Search" %}" class="form-control" value="{{ request.GET.search }}">
         {% if request.event.has_subevents %}
             <select name="subevent" class="form-control">
                 <option value="">{% trans "All dates" context "subevent" %}</option>
@@ -268,13 +267,13 @@
                                     data-toggle="tooltip" title="{% trans "Move to the end of the list" %}">
                                     <span class="fa fa-thumbs-down"></span>
                                 </button>
-
-                                <a href="{% url "control:event.orders.waitinglist.edit" organizer=request.event.organizer.slug event=request.event.slug entry=e.id %}"
-                                   class="btn btn-default btn-sm" title="{% trans "Edit entry" %}"
-                                    data-toggle="tooltip">
-                                    <i class="fa fa-edit" aria-hidden="true"></i>
-                                </a>
-
+                                {% if request.event.has_subevents %}
+                                    <a href="{% url "control:event.orders.waitinglist.transfer" organizer=request.event.organizer.slug event=request.event.slug entry=e.id %}"
+                                       class="btn btn-default btn-sm" title="{% trans "Transfer to other date" context "subevent" %}"
+                                        data-toggle="tooltip">
+                                        <i class="fa fa-calendar" aria-hidden="true"></i>
+                                    </a>
+                                {% endif %}
                                 <a href="{% url "control:event.orders.waitinglist.delete" organizer=request.event.organizer.slug event=request.event.slug entry=e.id %}?next={{ request.get_full_path|urlencode }}" class="btn btn-danger btn-sm"><i class="fa fa-trash"></i></a>
                             {% else %}
                                 <button class="btn btn-default btn-sm disabled">

src/pretix/control/templates/pretixcontrol/waitinglist/transfer.html

@@ -0,0 +1,23 @@
+{% extends "pretixcontrol/event/base.html" %}
+{% load i18n %}
+{% load bootstrap3 %}
+{% block title %}{% trans "Transfer entry" %}{% endblock %}
+{% block content %}
+    <h1>{% trans "Transfer entry" %}</h1>
+    <form action="" method="post" class="form-horizontal">
+        {% csrf_token %}
+        <p>{% blocktrans trimmed context "subevent" %}
+            Please select the date to which the following waiting list entry should be
+            transferred: <strong>{{ entry }}</strong>?
+        {% endblocktrans %}</p>
+        {% bootstrap_field form.subevent layout="control" %}
+        <div class="form-group submit-group">
+            <a href="{% url "control:event.orders.waitinglist" organizer=request.event.organizer.slug event=request.event.slug %}" class="btn btn-default btn-cancel">
+                {% trans "Cancel" %}
+            </a>
+            <button type="submit" class="btn btn-primary btn-save">
+                {% trans "Transfer" %}
+            </button>
+        </div>
+    </form>
+{% endblock %}

src/pretix/control/urls.py

@@ -480,8 +480,8 @@ urlpatterns = [
         re_path(r'^waitinglist/auto_assign$', waitinglist.AutoAssign.as_view(), name='event.orders.waitinglist.auto'),
         re_path(r'^waitinglist/(?P<entry>\d+)/delete$', waitinglist.EntryDelete.as_view(),
                 name='event.orders.waitinglist.delete'),
-        re_path(r'^waitinglist/(?P<entry>\d+)/edit$', waitinglist.EntryEdit.as_view(),
-                name='event.orders.waitinglist.edit'),
+        re_path(r'^waitinglist/(?P<entry>\d+)/transfer$', waitinglist.EntryTransfer.as_view(),
+                name='event.orders.waitinglist.transfer'),
         re_path(r'^checkins/$', checkin.CheckinListView.as_view(), name='event.orders.checkins'),
         re_path(r'^checkinlists/$', checkin.CheckinListList.as_view(), name='event.orders.checkinlists'),
         re_path(r'^checkinlists/add$', checkin.CheckinListCreate.as_view(), name='event.orders.checkinlists.add'),

src/pretix/control/views/auth.py

@@ -149,8 +149,6 @@ def login(request):
             return process_login(request, form.user_cache, form.cleaned_data.get('keep_logged_in', False))
     else:
         form = LoginForm(backend=backend, request=request)
-        # Detect redirection loop (usually means cookie not accepted)
-        ctx['possible_cookie_problem'] = request.path in request.headers.get("Referer", "")
     ctx['form'] = form
     ctx['can_register'] = settings.PRETIX_REGISTRATION
     ctx['can_reset'] = settings.PRETIX_PASSWORD_RESET

src/pretix/control/views/event.py

@@ -870,15 +870,11 @@ class MailSettingsPreview(EventPermissionRequiredMixin, View):
                                 )
 
                         except ValueError:
-                            msgs[self.supported_locale[idx]] = format_html(
-                                '<div class="alert alert-danger">{}</div>',
-                                PlaceholderValidator.error_message
-                            )
+                            msgs[self.supported_locale[idx]] = '<div class="alert alert-danger">{}</div>'.format(
+                                PlaceholderValidator.error_message)
                         except KeyError as e:
-                            msgs[self.supported_locale[idx]] = format_html(
-                                '<div class="alert alert-danger">{}</div>',
-                                _('Invalid placeholder: {%(value)s}') % {'value': e.args[0]}
-                            )
+                            msgs[self.supported_locale[idx]] = '<div class="alert alert-danger">{}</div>'.format(
+                                _('Invalid placeholder: {%(value)s}') % {'value': e.args[0]})
 
         return JsonResponse({
             'item': preview_item,

src/pretix/control/views/orders.py

@@ -1641,17 +1641,9 @@ class OrderCheckVATID(OrderView):
 
             try:
                 normalized_id = validate_vat_id(ia.vat_id, str(ia.country))
-                with transaction.atomic():
-                    ia.vat_id_validated = True
-                    ia.vat_id = normalized_id
-                    ia.save()
-                    self.order.log_action(
-                        'pretix.event.order.vatid.validated',
-                        data={
-                            'vat_id': normalized_id,
-                        },
-                        user=self.request.user,
-                    )
+                ia.vat_id_validated = True
+                ia.vat_id = normalized_id
+                ia.save()
             except VATIDFinalError as e:
                 messages.error(self.request, e.message)
             except VATIDTemporaryError:

src/pretix/control/views/organizer.py

@@ -1039,10 +1039,9 @@ class TeamMemberView(OrganizerDetailViewMixin, OrganizerPermissionRequiredMixin,
     def _send_invite(self, instance):
         mail(
             instance.email,
-            _('Account invitation'),
+            _('pretix account invitation'),
             'pretixcontrol/email/invitation.txt',
             {
-                'instance': settings.PRETIX_INSTANCE_NAME,
                 'user': self,
                 'organizer': self.request.organizer.name,
                 'team': instance.team.name,
@@ -1851,8 +1850,7 @@ class GiftCardDetailView(OrganizerDetailViewMixin, OrganizerPermissionRequiredMi
                         data={
                             'value': value,
                             'text': request.POST.get('text'),
-                            'acceptor_id': self.request.organizer.id,
-                            'acceptor_slug': self.request.organizer.slug
+                            'acceptor_id': self.request.organizer.id
                         },
                         user=self.request.user,
                     )
@@ -1915,8 +1913,7 @@ class GiftCardCreateView(OrganizerDetailViewMixin, OrganizerPermissionRequiredMi
                 user=self.request.user,
                 data={
                     'value': form.cleaned_data['value'],
-                    'acceptor_id': self.request.organizer.id,
-                    'acceptor_slug': self.request.organizer.slug
+                    'acceptor_id': self.request.organizer.id
                 }
             )
         return redirect(reverse(

src/pretix/control/views/user.py

@@ -49,14 +49,12 @@ from django.db import transaction
 from django.shortcuts import get_object_or_404, redirect
 from django.urls import reverse
 from django.utils.crypto import get_random_string
-from django.utils.decorators import method_decorator
 from django.utils.functional import cached_property
 from django.utils.html import format_html
 from django.utils.http import url_has_allowed_host_and_scheme
 from django.utils.timezone import now
 from django.utils.translation import gettext_lazy as _
 from django.views import View
-from django.views.decorators.cache import never_cache
 from django.views.generic import FormView, ListView, TemplateView, UpdateView
 from django_otp.plugins.otp_static.models import StaticDevice
 from django_otp.plugins.otp_totp.models import TOTPDevice
@@ -87,9 +85,8 @@ logger = logging.getLogger(__name__)
 
 
 class RecentAuthenticationRequiredMixin:
-    max_time = 900
+    max_time = 3600
 
-    @method_decorator(never_cache)
     def dispatch(self, request, *args, **kwargs):
         tdelta = time.time() - request.session.get('pretix_auth_login_time', 0)
         if tdelta > self.max_time:
@@ -292,13 +289,16 @@ class User2FAMainView(RecentAuthenticationRequiredMixin, TemplateView):
         ctx = super().get_context_data()
 
         try:
-            ctx['static_tokens_device'] = StaticDevice.objects.get(user=self.request.user, name='emergency')
+            ctx['static_tokens'] = StaticDevice.objects.get(user=self.request.user, name='emergency').token_set.all()
         except StaticDevice.MultipleObjectsReturned:
-            ctx['static_tokens_device'] = StaticDevice.objects.filter(
+            ctx['static_tokens'] = StaticDevice.objects.filter(
                 user=self.request.user, name='emergency'
-            ).first()
+            ).first().token_set.all()
         except StaticDevice.DoesNotExist:
-            ctx['static_tokens_device'] = None
+            d = StaticDevice.objects.create(user=self.request.user, name='emergency')
+            for i in range(10):
+                d.token_set.create(token=get_random_string(length=12, allowed_chars='1234567890'))
+            ctx['static_tokens'] = d.token_set.all()
 
         ctx['devices'] = []
         for dt in REAL_DEVICE_TYPES:
@@ -630,14 +630,8 @@ class User2FARegenerateEmergencyView(RecentAuthenticationRequiredMixin, Template
         ])
         self.request.user.update_session_token()
         update_session_auth_hash(self.request, self.request.user)
-        messages.success(
-            request,
-            _('Your emergency codes have been newly generated. Remember to store them in a safe '
-              'place in case you lose access to your devices. You will not be able to view them '
-              'again here.\n\nYour emergency codes:\n{tokens}').format(
-                tokens='- ' + '\n- '.join(t.token for t in d.token_set.all())
-            )
-        )
+        messages.success(request, _('Your emergency codes have been newly generated. Remember to store them in a safe '
+                                    'place in case you lose access to your devices.'))
         return redirect(reverse('control:user.settings.2fa'))
 
 

src/pretix/control/views/vouchers.py

@@ -131,7 +131,7 @@ class VoucherList(PaginationMixin, EventPermissionRequiredMixin, ListView):
             elif v.quota:
                 prod = _('Any product in quota "{quota}"').format(quota=str(v.quota.name))
             else:
-                prod = ""
+                prod = _('Any product')
             row = [
                 v.code,
                 v.valid_until.isoformat() if v.valid_until else "",

src/pretix/control/views/waitinglist.py

@@ -53,7 +53,7 @@ from pretix.base.models import Item, LogEntry, Quota, WaitingListEntry
 from pretix.base.models.waitinglist import WaitingListException
 from pretix.base.services.waitinglist import assign_automatically
 from pretix.base.views.tasks import AsyncAction
-from pretix.control.forms.waitinglist import WaitingListEntryEditForm
+from pretix.control.forms.waitinglist import WaitingListEntryTransferForm
 from pretix.control.permissions import EventPermissionRequiredMixin
 from pretix.control.views import PaginationMixin
 
@@ -138,17 +138,6 @@ class WaitingListQuerySetMixin:
         elif force_filtered and '__ALL' not in self.request_data:
             qs = qs.none()
 
-        if self.request_data.get("search", "") != "":
-            s = self.request_data.get("search", "")
-            search_q = Q(email__icontains=s)
-
-            if self.request.event.settings.waiting_list_names_asked:
-                search_q = search_q | Q(name_cached__icontains=s)
-            if self.request.event.settings.waiting_list_phones_asked:
-                search_q = search_q | Q(phone__icontains=s)
-
-            qs = qs.filter(search_q)
-
         return qs
 
 
@@ -249,7 +238,7 @@ class WaitingListView(EventPermissionRequiredMixin, WaitingListQuerySetMixin, Pa
     def get_context_data(self, **kwargs):
         ctx = super().get_context_data(**kwargs)
         ctx['items'] = Item.objects.filter(event=self.request.event)
-        ctx['filtered'] = any(param in self.request.GET for param in ("status", "item", "search"))
+        ctx['filtered'] = ("status" in self.request.GET or "item" in self.request.GET)
 
         itemvar_cache = {}
         quota_cache = {}
@@ -280,12 +269,11 @@ class WaitingListView(EventPermissionRequiredMixin, WaitingListQuerySetMixin, Pa
                         block_quota=True,
                         item_id=wle.item_id,
                         subevent=wle.subevent_id,
-                        waitinglistentries__isnull=False,
-                        seat__isnull=True
+                        waitinglistentries__isnull=False
                     ).aggregate(free=Sum(F('max_usages') - F('redeemed')))['free'] or 0
                     free_seats = num_free_seats_for_product - num_valid_vouchers_for_product
                     wle.availability = (
-                        Quota.AVAILABILITY_GONE if free_seats < 1 else wle.availability[0],
+                        Quota.AVAILABILITY_GONE if free_seats == 0 else wle.availability[0],
                         min(free_seats, wle.availability[1]) if wle.availability[1] is not None else free_seats,
                     )
 
@@ -402,20 +390,25 @@ class EntryDelete(EventPermissionRequiredMixin, CompatDeleteView):
         })
 
 
-class EntryEdit(EventPermissionRequiredMixin, UpdateView):
+class EntryTransfer(EventPermissionRequiredMixin, UpdateView):
     model = WaitingListEntry
-    template_name = 'pretixcontrol/waitinglist/edit.html'
+    template_name = 'pretixcontrol/waitinglist/transfer.html'
     permission = 'can_change_orders'
-    form_class = WaitingListEntryEditForm
+    form_class = WaitingListEntryTransferForm
     context_object_name = 'entry'
 
+    def dispatch(self, request, *args, **kwargs):
+        if not self.request.event.has_subevents:
+            raise Http404(_("This is not an event series."))
+        return super().dispatch(request, *args, **kwargs)
+
     def get_object(self, queryset=None) -> WaitingListEntry:
         return get_object_or_404(WaitingListEntry, pk=self.kwargs['entry'], event=self.request.event, voucher__isnull=True)
 
     @transaction.atomic
     def form_valid(self, form):
+        messages.success(self.request, _('The waitinglist entry has been transferred.'))
         if form.has_changed():
-            messages.success(self.request, _('The waitinglist entry has been changed.'))
             self.object.log_action(
                 'pretix.event.orders.waitinglist.changed', user=self.request.user, data={
                     k: form.cleaned_data.get(k) for k in form.changed_data

src/pretix/locale/de/wordlist.txt

@@ -265,7 +265,6 @@ Objekt-IDs
 Offline-Scan
 OK
 Online-Banking
-Online-Banking-Nutzer
 Onlinebanking
 Onlinebanking-Zugangsdaten
 Open
@@ -540,8 +539,6 @@ WeChat-Zahlung
 Weiterleitungs-URIs
 Weiterleitungs-URL
 Weiterleitungs-URLs
-WERO
-WERO-App
 WhatsApp
 Widget
 Widget-Code

src/pretix/locale/de_Informal/wordlist.txt

@@ -265,7 +265,6 @@ Objekt-IDs
 Offline-Scan
 OK
 Online-Banking
-Online-Banking-Nutzer
 Onlinebanking
 Onlinebanking-Zugangsdaten
 Open
@@ -540,8 +539,6 @@ WeChat-Zahlung
 Weiterleitungs-URIs
 Weiterleitungs-URL
 Weiterleitungs-URLs
-WERO
-WERO-App
 WhatsApp
 Widget
 Widget-Code

src/pretix/locale/djangojs.pot

@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-02-24 11:50+0000\n"
+"POT-Creation-Date: 2026-01-26 13:20+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"

src/pretix/locale/gl/LC_MESSAGES/djangojs.po

@@ -8,8 +8,8 @@ msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2026-01-26 09:10+0000\n"
-"PO-Revision-Date: 2026-03-02 21:00+0000\n"
-"Last-Translator: Sandra Rial Pérez <sandrarial@gestiontickets.online>\n"
+"PO-Revision-Date: 2025-12-03 23:00+0000\n"
+"Last-Translator: sandra r <sandrarial@gestiontickets.online>\n"
 "Language-Team: Galician <https://translate.pretix.eu/projects/pretix/pretix-"
 "js/gl/>\n"
 "Language: gl\n"
@@ -17,7 +17,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
-"X-Generator: Weblate 5.16.1\n"
+"X-Generator: Weblate 5.14.3\n"
 
 #: pretix/plugins/banktransfer/static/pretixplugins/banktransfer/ui.js:56
 #: pretix/plugins/banktransfer/static/pretixplugins/banktransfer/ui.js:62
@@ -162,12 +162,12 @@ msgstr "Pedidos pagados"
 #: pretix/plugins/statistics/static/pretixplugins/statistics/statistics.js:27
 #: pretix/plugins/statistics/static/pretixplugins/statistics/statistics.js:39
 msgid "Attendees (ordered)"
-msgstr "Asistentes (ordenados)"
+msgstr ""
 
 #: pretix/plugins/statistics/static/pretixplugins/statistics/statistics.js:27
 #: pretix/plugins/statistics/static/pretixplugins/statistics/statistics.js:39
 msgid "Attendees (paid)"
-msgstr "Asistentes (de pago)"
+msgstr ""
 
 #: pretix/plugins/statistics/static/pretixplugins/statistics/statistics.js:51
 msgid "Total revenue"
@@ -732,8 +732,8 @@ msgid ""
 "The items in your cart are no longer reserved for you. You can still "
 "complete your order as long as they’re available."
 msgstr ""
-"Os artigos do teu carro xa non están reservados para ti. Podes completar o "
-"teu pedido sempre que estean dispoñibles."
+"Os artigos da túa cesta xa non están reservados para ti. Aínda podes "
+"completar o teu pedido mentres estean dispoñibles."
 
 #: pretix/static/pretixpresale/js/ui/cart.js:49
 msgid "Cart expired"

src/pretix/locale/ja/LC_MESSAGES/djangojs.po

@@ -8,8 +8,8 @@ msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2026-01-26 09:10+0000\n"
-"PO-Revision-Date: 2026-02-23 10:00+0000\n"
-"Last-Translator: Hijiri Umemoto <hijiri@umemoto.org>\n"
+"PO-Revision-Date: 2026-02-12 20:00+0000\n"
+"Last-Translator: Yasunobu YesNo Kawaguchi <kawaguti@gmail.com>\n"
 "Language-Team: Japanese <https://translate.pretix.eu/projects/pretix/pretix-"
 "js/ja/>\n"
 "Language: ja\n"
@@ -17,7 +17,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=1; plural=0;\n"
-"X-Generator: Weblate 5.16\n"
+"X-Generator: Weblate 5.15.2\n"
 
 #: pretix/plugins/banktransfer/static/pretixplugins/banktransfer/ui.js:56
 #: pretix/plugins/banktransfer/static/pretixplugins/banktransfer/ui.js:62
@@ -256,7 +256,7 @@ msgstr "承認保留中"
 
 #: pretix/plugins/webcheckin/static/pretixplugins/webcheckin/main.js:48
 msgid "Redeemed"
-msgstr "引き換え済み"
+msgstr "使用済"
 
 #: pretix/plugins/webcheckin/static/pretixplugins/webcheckin/main.js:49
 msgid "Cancel"

src/pretix/locale/nl/LC_MESSAGES/djangojs.po

@@ -7,7 +7,7 @@ msgstr ""
 "Project-Id-Version: 1\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2026-01-26 09:10+0000\n"
-"PO-Revision-Date: 2026-02-19 22:00+0000\n"
+"PO-Revision-Date: 2026-02-05 23:00+0000\n"
 "Last-Translator: Ruud Hendrickx <ruud@leckxicon.eu>\n"
 "Language-Team: Dutch <https://translate.pretix.eu/projects/pretix/pretix-js/"
 "nl/>\n"
@@ -16,7 +16,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
-"X-Generator: Weblate 5.16\n"
+"X-Generator: Weblate 5.15.2\n"
 
 #: pretix/plugins/banktransfer/static/pretixplugins/banktransfer/ui.js:56
 #: pretix/plugins/banktransfer/static/pretixplugins/banktransfer/ui.js:62
@@ -674,7 +674,7 @@ msgstr "Zoekopdracht"
 
 #: pretix/static/pretixcontrol/js/ui/main.js:461
 msgid "All"
-msgstr "Allemaal"
+msgstr "Alle"
 
 #: pretix/static/pretixcontrol/js/ui/main.js:462
 msgid "None"