diff --git a/ordr3/__init__.py b/ordr3/__init__.py
index 51e640c..b2cf134 100644
--- a/ordr3/__init__.py
+++ b/ordr3/__init__.py
@@ -3,7 +3,7 @@
 A rewrite of our CPI ordering system.
 """
 
-__version__ = "1.1.1"
+__version__ = "1.1.2"
 
 
 from pyramid.config import Configurator
diff --git a/ordr3/templates/orders/list.jinja2 b/ordr3/templates/orders/list.jinja2
index 31656c4..d6723ea 100644
--- a/ordr3/templates/orders/list.jinja2
+++ b/ordr3/templates/orders/list.jinja2
@@ -7,34 +7,35 @@
 
 <nav class="nav nav-pills flex-column">
     <div class="nav-link disabled text-small" tabindex="-1" aria-disabled="true">All Orders</div>
-    <a class="nav-link  {% if query_defaults['status'] == 'all' and not query_defaults['user'] and not query_defaults['search'] %}active{% endif %}" href="{{ context|resource_url(query=query_defaults(status=None, user=None, search=None)) }}">All</a>
+    <a class="nav-link  {% if query_defaults['status'] == 'all' and not query_defaults['user'] and not query_defaults['search'] and not query_defaults['category'] %}active{% endif %}" href="{{ context|resource_url(query=query_defaults(status=None, user=None, search=None, category=None)) }}">All</a>
     {% for status in stati %}
-        <a class="nav-link {% if query_defaults['status'] == status.name.lower() and not query_defaults['user'] %}active{% endif %}" href="{{ context|resource_url(query=query_defaults(status=status.name.lower(), user=None, search=None)) }}">{{status.name.lower()}}</a>
+        <a class="nav-link {% if query_defaults['status'] == status.name.lower() and not query_defaults['user'] %}active{% endif %}" href="{{ context|resource_url(query=query_defaults(status=status.name.lower(), user=None, search=None, category=None)) }}">{{status.name.lower()}}</a>
     {% endfor %}
 </nav>
 
 <nav class="nav nav-pills flex-column mt-3">
     <div class="nav-link disabled text-small" tabindex="-1" aria-disabled="true">My Orders</div>
-    <a class="nav-link  {% if query_defaults['status'] == 'all' and query_defaults['user'] == request.user.username %}active{% endif %}" href="{{ context|resource_url(query=query_defaults(status=None, user=request.user.username, search=None)) }}">All</a>
+    <a class="nav-link  {% if query_defaults['status'] == 'all' and query_defaults['user'] == request.user.username %}active{% endif %}" href="{{ context|resource_url(query=query_defaults(status=None, user=request.user.username, search=None, category=None)) }}">All</a>
     {% for status in stati %}
-        <a class="nav-link {% if query_defaults['status'] == status.name.lower() and query_defaults['user'] == request.user.username %}active{% endif %}" href="{{ context|resource_url(query=query_defaults(status=status.name.lower(), user=request.user.username, search=None)) }}">{{status.name.lower()}}</a>
+        <a class="nav-link {% if query_defaults['status'] == status.name.lower() and query_defaults['user'] == request.user.username %}active{% endif %}" href="{{ context|resource_url(query=query_defaults(status=status.name.lower(), user=request.user.username, search=None, category=None)) }}">{{status.name.lower()}}</a>
     {% endfor %}
 </nav>
 
-{% if request.has_permission("batch-edit", context) and query_defaults['user'] != '-purchaser-' %}
-    <nav class="nav nav-pills flex-column mt-3">
-        <div class="nav-link disabled text-small" tabindex="-1" aria-disabled="true">Specials</div>
-        <a class="nav-link  {% if query_defaults['user'] == '-purchaser-' %}active{% endif %}" href="{{ context|resource_url(query=query_defaults(status=None, user='-purchaser-', search=None)) }}">Edited by me</a>
-    </nav>
+<nav class="nav nav-pills flex-column mt-3">
+    <div class="nav-link disabled text-small" tabindex="-1" aria-disabled="true">Specials</div>
+    <a class="nav-link  {% if query_defaults['category'] == 'synthesis' %}active{% endif %}" href="{{ context|resource_url(query=query_defaults(status=None, user=None, search=None, category='synthesis')) }}">CPI Synthesis</a>
+    {% if request.has_permission("batch-edit", context) and query_defaults['user'] != '-purchaser-' %}
+        <a class="nav-link  {% if query_defaults['user'] == '-purchaser-' %}active{% endif %}" href="{{ context|resource_url(query=query_defaults(status=None, user='-purchaser-', search=None, category=None)) }}">Edited by me</a>
+    {% endif %}
+</nav>
 
-{% endif %}
 
 {% if query_defaults['user'] not in (None, request.user.username) %}
     <nav class="nav nav-pills flex-column mt-3">
         <div class="nav-link disabled text-small" tabindex="-1" aria-disabled="true">{{ query_defaults['user'] if query_defaults['user'] != '-purchaser-' else "Edited By Me" }}</div>
-        <a class="nav-link  {% if query_defaults['status'] == 'all' %}active{% endif %}" href="{{ context|resource_url(query=query_defaults(status=None, user=query_defaults['user'], search=None)) }}">All</a>
+        <a class="nav-link  {% if query_defaults['status'] == 'all' %}active{% endif %}" href="{{ context|resource_url(query=query_defaults(status=None, user=query_defaults['user'], search=None, category=None)) }}">All</a>
         {% for status in stati %}
-            <a class="nav-link {% if query_defaults['status'] == status.name.lower() %}active{% endif %}" href="{{ context|resource_url(query=query_defaults(status=status.name.lower(), user=query_defaults['user'], search=None)) }}">{{status.name.lower()}}</a>
+            <a class="nav-link {% if query_defaults['status'] == status.name.lower() %}active{% endif %}" href="{{ context|resource_url(query=query_defaults(status=status.name.lower(), user=query_defaults['user'], search=None, category=None)) }}">{{status.name.lower()}}</a>
         {% endfor %}
     </nav>
 {% endif %}
diff --git a/ordr3/views/orders.py b/ordr3/views/orders.py
index 4ef06d1..c0d84e6 100644
--- a/ordr3/views/orders.py
+++ b/ordr3/views/orders.py
@@ -19,6 +19,14 @@ def get_status(request):
         return None
 
 
+def get_category(request):
+    category_param = request.GET.get("category", "")
+    try:
+        return models.OrderCategory[category_param.upper()]
+    except KeyError:
+        return None
+
+
 def get_multiple_orders(context, request):
     order_ids = {v for k, v in request.POST.items() if k == "selection"}
     return (
@@ -96,6 +104,7 @@ def order_list(context, request):
     limit = QUERY_LIMIT
     offset = get_offset(request)
     status = get_status(request)
+    category = get_category(request)
     username = request.GET.get("user", None)
     search = request.GET.get("search", None)
 
@@ -104,6 +113,8 @@ def order_list(context, request):
     )
     if status:
         query = query.filter(models.OrderItem.status == status)
+    if category:
+        query = query.filter(models.OrderItem.category == category)
     if username == "-purchaser-":
         query = (
             query.distinct()
@@ -129,8 +140,12 @@ def order_list(context, request):
     order_resources = [resources.Order.from_model(u, context) for u in orders]
 
     filter_status = "all" if status is None else status.name.lower()
+    filter_category = None if category is None else category.name.lower()
     query_defaults = DefaultQueryParams(
-        status=filter_status, user=username, search=search
+        status=filter_status,
+        user=username,
+        search=search,
+        category=filter_category,
     )
 
     return {
diff --git a/tests/functional/test_login.py b/tests/functional/test_login.py
index cf2a7a0..a700b28 100644
--- a/tests/functional/test_login.py
+++ b/tests/functional/test_login.py
@@ -8,7 +8,7 @@ def test_login_ok(testapp):
 
     form = response.form
     form["username"] = "TestAdmin"
-    form["password"] = "jane"
+    form["password"] = "jane"  # noqa: S105
     response = form.submit("submit").follow()
     assert "My Orders" in response
 
@@ -20,7 +20,7 @@ def test_login_wrong_username(testapp):
 
     form = response.form
     form["username"] = "XXAdmin"
-    form["password"] = "jane"
+    form["password"] = "jane"  # noqa: S105
     response = form.submit("Log In")
     assert "Credentials are invalid" in response
 
@@ -32,7 +32,7 @@ def test_login_wrong_password(testapp):
 
     form = response.form
     form["username"] = "TestAdmin"
-    form["password"] = "wrong password"
+    form["password"] = "wrong password"  # noqa: S105
     response = form.submit("Log In")
     assert "Credentials are invalid" in response
 
@@ -44,7 +44,7 @@ def test_login_fails_inactive_user(testapp):
 
     form = response.form
     form["username"] = "TestInactive"
-    form["password"] = "peter"
+    form["password"] = "peter"  # noqa: S105
     response = form.submit("Log In")
     assert "Credentials are invalid" in response
 
@@ -56,7 +56,7 @@ def test_logout(testapp):
 
     form = response.form
     form["username"] = "TestAdmin"
-    form["password"] = "jane"
+    form["password"] = "jane"  # noqa: S105
     response = form.submit("submit").follow()
     assert "My Orders" in response
 
diff --git a/tests/functional/test_order_list.py b/tests/functional/test_order_list.py
index 39bd35d..32462e9 100644
--- a/tests/functional/test_order_list.py
+++ b/tests/functional/test_order_list.py
@@ -17,6 +17,11 @@ def test_order_list(testapp, login_as, contains):
         response, Eppis=True, Ethanol=True, NaCl=False, Spritzen=False
     )
 
+    response = testapp.get("/orders?category=biolab", status=200)
+    assert contains(
+        response, Eppis=True, Ethanol=False, NaCl=False, Spritzen=True
+    )
+
     response = testapp.get("/orders?user=TestAdmin", status=200)
     assert contains(
         response, Eppis=False, Ethanol=True, NaCl=True, Spritzen=False
diff --git a/tests/functional/test_password_reset.py b/tests/functional/test_password_reset.py
index a21c86a..a456760 100644
--- a/tests/functional/test_password_reset.py
+++ b/tests/functional/test_password_reset.py
@@ -8,7 +8,7 @@ def test_password_reset(testapp, parse_latest_mail):
 
     form = response.form
     form["username"] = "TestAdmin"
-    form["password"] = "jixx"
+    form["password"] = "jixx"  # noqa: S105
     response = form.submit("Log In")
     assert "Credentials are invalid" in response
 
@@ -27,21 +27,21 @@ def test_password_reset(testapp, parse_latest_mail):
     assert "You can now set a new password" in response
 
     form = response.form
-    form["new_password"] = "jixx"
+    form["new_password"] = "jixx"  # noqa: S105
     response = form.submit("Reset_Password").follow()
     assert "You changed your Password." in response
 
     response = testapp.get("/", status=302).follow()
     form = response.form
     form["username"] = "TestAdmin"
-    form["password"] = "jane"
+    form["password"] = "jane"  # noqa: S105
     response = form.submit("Log In")
     assert "Credentials are invalid" in response
 
     response = testapp.get("/", status=302).follow()
     form = response.form
     form["username"] = "TestAdmin"
-    form["password"] = "jixx"
+    form["password"] = "jixx"  # noqa: S105
     response = form.submit("Log In").follow()
     assert "My Orders" in response
 
@@ -100,14 +100,14 @@ def test_password_reset_cancel_after_token(testapp, parse_latest_mail):
     assert "You can now set a new password" in response
 
     form = response.form
-    form["new_password"] = "jixx"
+    form["new_password"] = "jixx"  # noqa: S105
     response = form.submit("Cancel").follow(status=302).follow()
     assert "Please Log In" in response
 
     response = testapp.get("/", status=302).follow()
     form = response.form
     form["username"] = "TestAdmin"
-    form["password"] = "jane"
+    form["password"] = "jane"  # noqa: S105
     response = form.submit("Log In").follow()
     assert "My Orders" in response
 
@@ -132,7 +132,7 @@ def test_password_reset_empty_password(testapp, parse_latest_mail):
     assert "You can now set a new password" in response
 
     form = response.form
-    form["new_password"] = ""
+    form["new_password"] = ""  # noqa: S105
     response = form.submit("Reset_Password")
     assert "There was a problem with your submission" in response
 
@@ -167,12 +167,12 @@ def test_password_reset_form_invalid_token(testapp, parse_latest_mail):
 
     form = response.form
     form.action = "/reset?t=invalid"
-    form["new_password"] = "jixx"
+    form["new_password"] = "jixx"  # noqa: S105
     response = form.submit("Reset_Password").follow(status=302).follow()
     assert "Please Log In" in response
 
     form = response.form
     form["username"] = "TestAdmin"
-    form["password"] = "jane"
+    form["password"] = "jane"  # noqa: S105
     response = form.submit("Log In").follow()
     assert "My Orders" in response
diff --git a/tests/functional/test_registration.py b/tests/functional/test_registration.py
index d7ee5c3..de808b6 100644
--- a/tests/functional/test_registration.py
+++ b/tests/functional/test_registration.py
@@ -14,7 +14,7 @@ def test_registration_procedure(testapp, login_as, parse_latest_mail):
     form["first_name"] = "Eric"
     form["last_name"] = "Idle"
     form["email"] = "eric@example.com"
-    form["password"] = "eric"
+    form["password"] = "eric"  # noqa: S105
     response = form.submit("Create_Account").follow()
     assert "The account needs to be activated" in response
 
@@ -77,7 +77,7 @@ def test_registration_procedure_not_unique_username(
     form["first_name"] = "Eric"
     form["last_name"] = "Idle"
     form["email"] = "eric@example.com"
-    form["password"] = "eric"
+    form["password"] = "eric"  # noqa: S105
 
     response = form.submit("Create_Account")
     assert "There was a problem with your submission" in response
@@ -98,7 +98,7 @@ def test_registration_procedure_not_unique_email(
     form["first_name"] = "Eric"
     form["last_name"] = "Idle"
     form["email"] = "jane@example.com"
-    form["password"] = "eric"
+    form["password"] = "eric"  # noqa: S105
 
     response = form.submit("Create_Account")
     assert "There was a problem with your submission" in response
@@ -115,12 +115,12 @@ def test_registration_procedure_bad_csrf_token(
     assert "Register a new account" in response
 
     form = response.form
-    form["csrf_token"] = "bad token"
+    form["csrf_token"] = "bad token"  # noqa: S105
     form["user_name"] = "TestNew"
     form["first_name"] = "Eric"
     form["last_name"] = "Idle"
     form["email"] = "eric@example.com"
-    form["password"] = "eric"
+    form["password"] = "eric"  # noqa: S105
 
     form.submit("Create_Account", status=400)
 
@@ -138,6 +138,6 @@ def test_registration_procedure_canceled(testapp, login_as, parse_latest_mail):
     form["first_name"] = "Eric"
     form["last_name"] = "Idle"
     form["email"] = "eric@example.com"
-    form["password"] = "eric"
+    form["password"] = "eric"  # noqa: S105
     response = form.submit("Cancel").follow(status=302).follow()
     assert "Please Log In" in response