Download file to subdirectory

e-alfred / ocdownloader

ocDownloader - AGPL-licensed multi-protocol download manager for Nextcloud using ARIA2, youtube-dl and Curl (supports Youtube, BitTorrent, HTTP, FTP)

https://github.com/e-alfred/ocdownloader

GNU Affero General Public License v3.0

375 stars 85 forks source link

Download file to subdirectory #236

Open Jwiggiff opened 2 years ago

Jwiggiff commented 2 years ago

### Steps to reproduce 1. In output name for download, put `/subdirectory/file.txt` ### Expected behaviour File downloaded to `Downloads/subdirectory/file.txt` ### Actual behaviour File downloaded to `Downloads/subdirectory_file.txt` I believe this is issue is caused by the fix implemented in #221. The sanitization should be so it disallows parent directories (which was the security vulnerability) but allow subdirectories.