From 50351e2fecaf11cbdfe44a315269f9d9fcc4ae5a Mon Sep 17 00:00:00 2001
From: VictoriqueMoe <loli@victorique.moe>
Date: Tue, 4 Jun 2024 21:26:49 +0100
Subject: [PATCH] do not expose hidden filenames

---
 src/controllers/serve/FileServerController.ts | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/controllers/serve/FileServerController.ts b/src/controllers/serve/FileServerController.ts
index 5366dee..2b96178 100644
--- a/src/controllers/serve/FileServerController.ts
+++ b/src/controllers/serve/FileServerController.ts
@@ -33,7 +33,13 @@ export class FileServerController {
             // unknown> just send an octet stream and let the client figure it out
             res.contentType("application/octet-stream");
         }
-        res.attachment(entry.originalFileName);
+
+        if (entry.settings?.hideFilename) {
+            res.attachment(entry.fullFileNameOnSystem);
+        } else {
+            res.attachment(entry.originalFileName);
+        }
+
         res.send(buff);
     }