From b2d54e1227b2faded2464a71f204d4992eb12efe Mon Sep 17 00:00:00 2001
From: Fedor Indutny <79877362+indutny-signal@users.noreply.github.com>
Date: Mon, 22 Sep 2025 14:49:05 -0700
Subject: [PATCH] Fix suggested names for saved attachments
---
 ts/windows/main/attachments.ts | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/ts/windows/main/attachments.ts b/ts/windows/main/attachments.ts
index 69c1c864a5..5c2446ac83 100644
--- a/ts/windows/main/attachments.ts
+++ b/ts/windows/main/attachments.ts
@@ -267,7 +267,11 @@ export const saveAttachmentToDisk = async ({
 }
 filePath = dialogFilePath;
 } else {
- filePath = join(baseDir, name);
+ filePath = join(baseDir, basename(name));
+
+ if (!isPathInside(filePath, baseDir)) {
+ throw new Error('Invalid attachment path');
+ }
 }
 await writeWithAttributes(filePath, data);
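Review bot: After `basename(name)`, the values that can still reach the new `isPathInside` check in a bad state are, as far as I can tell, `..`, `.` and the empty string. For the last two, `filePath` equals `baseDir` itself, so the guard only holds if `isPathInside` returns false for identical paths, and its implementation is not in this hunk. I would make that explicit rather than rely on the helper: `const safeName = basename(name);` followed by `if (safeName === '' || safeName === '.' || safeName === '..') { throw new Error('Invalid attachment path'); }`, keeping the containment check as a second layer. A short comment such as `// name presumably comes from the received attachment; it must never choose the directory` would record why both steps exist. The dialog branch of `saveAttachmentToDisk` starts above the hunk, so it is worth confirming that it applies the same `basename()` normalization if it offers `name` as the default file name.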