Fix for django bug, where : and , symbols are not properly handledv5.13.2_QtAS5.13

When saving package files, ':' and ',' symbols were omitted from the
filename, even when they were passed properly. This code substitutes them
for their hexadecimal value.

Also this code changes download URLs to a safer version (names are hashed
with sha256, so they are unguessable). This only happens when DEBUG is
set to False

Change-Id: Iba2b52c6aef0b416ac7a2c276aa0ae72904be70d
Fixes: AUTOSUITE-1450
Reviewed-by: Egor Nemtsev <enemtsev@luxoft.com>
(cherry picked from commit f605d6601bf52631e27e97454a74fdaa64a05a83)
Reviewed-by: Nikolay Zamotaev <nzamotaev@luxoft.com>

1 files changed, 5 insertions, 1 deletions

diff --git a/store/api.py b/store/api.py
index 163cb33..224d7ed 100644
--- a/store/api.py
+++ b/store/api.py
@@ -32,6 +32,7 @@
 
 import os
 import shutil
+import hashlib
 
 from django.conf import settings
 from django.db.models import Q, Count
@@ -269,7 +270,10 @@ def appPurchase(request):
 
         # we should not use obvious names here, but just hash the string.
         # this would be a nightmare to debug though and this is a development server :)
-        toFile = str(app.appid) + '_' + str(request.user.id) + '_' + str(app.architecture) + '_' + str(app.tags) + '_'+ str(deviceId) + '.appkg'
+        toFile = str(app.appid) + '_' + str(request.user.id) + '_' + str(app.architecture) + '_' + str(app.tags) + '_'+ str(deviceId)
+        if not settings.DEBUG:
+            toFile = hashlib.sha256(toFile).hexdigest()
+        toFile += '.appkg'
         toPath = downloadPath()
         if not os.path.exists(toPath):
             os.makedirs(toPath)