Thank you so much.
I think hashing make Guru more secure because an unpaid user can guess course files name (all files stored in one folder unfortunately ) and access to them.
Of course Guru developer team knows the best solution but currently I made this tiny changes :
A) In file : components\com_guru\helpers\fileuploader.php
1)Near Line 153 [add]:
$filename=md5($filename.time()); //make hash
2)Near line 183 [edit]:
return array('success'=>true,'hash'=>$filename.".".$ext);//return filename
3)Near line 453 [edit]:
$result['locate'] = $res."/".$result['hash']; //add new filename
AA) In file :
components\com_guru\helpers\createUploader.php
1) Near line 79 [edit]:
jQuery(\'#localfile\').append("<option value=\'"+responseJSON.locate + "\' selected=\'selected\'>"+ fileName+"</option>"); // get new filename
With best.