Feature request: flag to use the message ID as file name for media downloads

[longregen]

This input should not be trusted and it's a possible source of path traversal problems. I received a message with a "/" in the filename and the download just failed silently from --listen --download-media.

Rather than: https://github.com/8go/matrix-commander/blame/026450f111d8600fe4cec29ba62ad17112a0d545/matrix_commander/matrix_commander.py#L468

Why not just use the ID of the message? AFAIK, messages can't have more than one attachment -- if they do, we can use "choose_next_available_filename_with_whatever_strategy", but this default is a real pain. I can provide an alternative but I would try to keep it simple.

[longregen]

Something like this is a preferable approach to me

diff --git a/matrix_commander/matrix_commander.py b/matrix_commander/matrix_commander.py
index 489f3e0..3634c7a 100755
--- a/matrix_commander/matrix_commander.py
+++ b/matrix_commander/matrix_commander.py
@@ -723,7 +723,7 @@ class Callbacks(object):
                     else:
                         media_data = resp.body
                         filename = choose_available_filename(
-                            os.path.join(gs.pa.download_media, event.body)
+                            os.path.join(gs.pa.download_media, event.event_id)
                         )
                         async with aiofiles.open(filename, "wb") as f:
                             await f.write(media_data)
@@ -753,7 +753,7 @@ class Callbacks(object):
                     else:
                         media_data = resp.body
                         filename = choose_available_filename(
-                            os.path.join(gs.pa.download_media, event.body)
+                            os.path.join(gs.pa.download_media, event.event_id)
                         )
                         async with aiofiles.open(filename, "wb") as f:
                             await f.write(

[8go]

Done, see PR 25845fb

Use option --download-media-name eventid and test it.