diff options
| author | Nikolay Zamotaev <nzamotaev@luxoft.com> | 2020-02-04 17:55:31 +0300 |
|---|---|---|
| committer | Nikolay Zamotaev <nzamotaev@luxoft.com> | 2020-02-14 14:18:15 +0000 |
| commit | 6666a6fddd06ef73cd09b34ee5cf030320460c92 (patch) | |
| tree | 5b15c50bd1ce8075ac7abd12e2aa6d5da934ff45 | |
| parent | 0cd57fd914d1ec8170416bba537713e71a37d4dd (diff) | |
Fix for django bug, where : and , symbols are not properly handledv5.13.2_QtAS5.13
When saving package files, ':' and ',' symbols were omitted from the
filename, even when they were passed properly. This code substitutes them
for their hexadecimal value.
Also this code changes download URLs to a safer version (names are hashed
with sha256, so they are unguessable). This only happens when DEBUG is
set to False
Change-Id: Iba2b52c6aef0b416ac7a2c276aa0ae72904be70d
Fixes: AUTOSUITE-1450
Reviewed-by: Egor Nemtsev <enemtsev@luxoft.com>
(cherry picked from commit f605d6601bf52631e27e97454a74fdaa64a05a83)
Reviewed-by: Nikolay Zamotaev <nzamotaev@luxoft.com>
| -rw-r--r-- | store/api.py | 6 | ||||
| -rw-r--r-- | store/utilities.py | 4 |
2 files changed, 7 insertions, 3 deletions
diff --git a/store/api.py b/store/api.py index 163cb33..224d7ed 100644 --- a/store/api.py +++ b/store/api.py @@ -32,6 +32,7 @@ import os import shutil +import hashlib from django.conf import settings from django.db.models import Q, Count @@ -269,7 +270,10 @@ def appPurchase(request): # we should not use obvious names here, but just hash the string. # this would be a nightmare to debug though and this is a development server :) - toFile = str(app.appid) + '_' + str(request.user.id) + '_' + str(app.architecture) + '_' + str(app.tags) + '_'+ str(deviceId) + '.appkg' + toFile = str(app.appid) + '_' + str(request.user.id) + '_' + str(app.architecture) + '_' + str(app.tags) + '_'+ str(deviceId) + if not settings.DEBUG: + toFile = hashlib.sha256(toFile).hexdigest() + toFile += '.appkg' toPath = downloadPath() if not os.path.exists(toPath): os.makedirs(toPath) diff --git a/store/utilities.py b/store/utilities.py index cec403a..02faf4a 100644 --- a/store/utilities.py +++ b/store/utilities.py @@ -68,7 +68,7 @@ def packagePath(appId = None, architecture = None, tags = None): if tags is None: tags = "" if (appId is not None) and (architecture is not None): - return path + '_'.join([appId, architecture, tags]).replace('/','_').replace('\\','_') + path = path + '_'.join([appId, architecture, tags]).replace('/','_').replace('\\','_').replace(':','x3A').replace(',','x2C') return path def iconPath(appId = None, architecture = None, tags = None): @@ -76,7 +76,7 @@ def iconPath(appId = None, architecture = None, tags = None): if tags is None: tags = "" if (appId is not None) and (architecture is not None): - return path + '_'.join([appId, architecture, tags]).replace('/','_').replace('\\','_') + '.png' + return path + '_'.join([appId, architecture, tags]).replace('/','_').replace('\\','_').replace(':','x3A').replace(',','x2C') + '.png' return path def writeTempIcon(appId, architecture, tags, icon): |