From a93a879f508d7e018d2d47e2a6b291dae02217f2 Mon Sep 17 00:00:00 2001 From: Benjamin Bach Date: Sun, 4 Aug 2024 12:06:52 +0200 Subject: [PATCH] Don't Error 500 when using other member's Order PK etc --- src/accounting/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/accounting/views.py b/src/accounting/views.py index 38a6d6e..7740a16 100644 --- a/src/accounting/views.py +++ b/src/accounting/views.py @@ -102,7 +102,7 @@ def success(request: HttpRequest, order_id: int) -> HttpResponse: quickly as possible. """ user = request.user # People just need to login to pay something, not necessarily be a member - order = models.Order.objects.get(pk=order_id, member=user) + order = get_object_or_404(models.Order, pk=order_id, member=user) context = { "order": order,