misc: always pass bytes for md5 hashing (#36515)

wcs/admin/settings.py

@@ -27,6 +27,7 @@ import shutil
 
 import xml.etree.ElementTree as ET
 
+from django.utils.encoding import force_bytes
 from django.utils.six import StringIO
 
 from quixote import get_publisher, get_request, get_response, redirect
@@ -573,7 +574,7 @@ class SettingsDirectory(QommonSettingsDirectory):
             for k in permission_keys:
                 authorised_roles = [str(x) for x in permissions_cfg.get(k) or []]
                 value[-1].append(bool(str(role.id) in authorised_roles))
-        colrows_hash = hashlib.md5('%r-%r' % (rows, permissions)).hexdigest()
+        colrows_hash = hashlib.md5(force_bytes('%r-%r' % (rows, permissions))).hexdigest()
 
         form.add_hidden('hash', colrows_hash)
         form.add(CheckboxesTableWidget, 'permissions', rows=rows, columns=permissions)

wcs/qommon/http_response.py

@@ -19,6 +19,7 @@ import time
 import traceback
 import sys
 
+from django.utils.encoding import force_bytes
 from quixote import get_publisher
 from quixote.util import randbytes
 import quixote.http_response
@@ -100,7 +101,7 @@ class HTTPResponse(quixote.http_response.HTTPResponse):
         s = ''
         if self.javascript_scripts:
             from .admin.menu import get_vc_version
-            version_hash = hashlib.md5(str(get_vc_version())).hexdigest()
+            version_hash = hashlib.md5(force_bytes(get_vc_version())).hexdigest()
             root_url = get_publisher().get_root_url() + get_publisher().qommon_static_dir
             s += '\n'.join(['<script type="text/javascript" src="%sjs/%s?%s"></script>' % (
                         root_url, str(x), version_hash) for x in self.javascript_scripts])
@@ -121,7 +122,7 @@ class HTTPResponse(quixote.http_response.HTTPResponse):
         if not self.css_includes:
             return ''
         from .admin.menu import get_vc_version
-        version_hash = hashlib.md5(str(get_vc_version())).hexdigest()
+        version_hash = hashlib.md5(force_bytes(get_vc_version())).hexdigest()
         root_url = get_publisher().get_root_url() + get_publisher().qommon_static_dir
         return '\n'.join(['<link rel="stylesheet" type="text/css" href="%scss/%s?%s" />' % (
                     root_url, x, version_hash) for x in self.css_includes])

wcs/qommon/publisher.py

@@ -45,7 +45,7 @@ import xml.etree.ElementTree as ET
 from django.conf import settings
 from django.http import Http404
 from django.utils import translation
-from django.utils.encoding import force_text
+from django.utils.encoding import force_text, force_bytes
 from django.utils.six import StringIO
 from django.utils.translation import gettext, ngettext
 
@@ -397,7 +397,7 @@ class QommonPublisher(Publisher, object):
                 self.config.session_cookie_secure = True
 
         md5_hash = hashlib.md5()
-        md5_hash.update(self.app_dir)
+        md5_hash.update(force_bytes(self.app_dir))
         self.config.session_cookie_name = self.APP_NAME + '-' + md5_hash.hexdigest()[:6]
         self.config.session_cookie_path = '/'
 

wcs/qommon/templatetags/qommon.py

@@ -29,7 +29,7 @@ from pyproj import Geod
 from django import template
 from django.template import defaultfilters
 from django.utils import dateparse
-from django.utils.encoding import force_text
+from django.utils.encoding import force_bytes, force_text
 from django.utils.safestring import mark_safe
 from wcs.qommon import evalutils
 from wcs.qommon import tokens
@@ -290,7 +290,7 @@ def abs_(value):
 @register.simple_tag
 def version_hash():
     from wcs.qommon.admin.menu import get_vc_version
-    return hashlib.md5(str(get_vc_version())).hexdigest()
+    return hashlib.md5(force_bytes(get_vc_version())).hexdigest()
 
 
 def generate_token(alphabet, length):