From 60a126024c8f4fa383fa08f5ecdcbfc843df6278 Mon Sep 17 00:00:00 2001
From: Alex Ling <hkalexling@gmail.com>
Date: Mon, 6 Sep 2021 12:58:48 +0000
Subject: [PATCH] Stricter sanitization rules for download filenames

Fixes #212
---
 src/plugin/downloader.cr | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/plugin/downloader.cr b/src/plugin/downloader.cr
index 054698e..d826bac 100644
--- a/src/plugin/downloader.cr
+++ b/src/plugin/downloader.cr
@@ -24,8 +24,9 @@ class Plugin
     end
 
     private def process_filename(str)
-      return "_" if str == ".."
-      str.gsub "/", "_"
+      str
+        .gsub(/[\/\s\.\177\000-\031]/, "_")
+        .gsub(/__+/, "_")
     end
 
     private def download(job : Queue::Job)