From 47cb8ca4ff06b24120eb97ab2fe1f5fa7d34c442 Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Wed, 5 Nov 2025 11:51:56 +0900
Subject: [PATCH] Fix double escape of filename in short download URL #2611

---
 modules/file/file.controller.php | 4 ++--
 modules/file/file.model.php      | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/modules/file/file.controller.php b/modules/file/file.controller.php
index cf1842a9e..01702a6b5 100644
--- a/modules/file/file.controller.php
+++ b/modules/file/file.controller.php
@@ -307,7 +307,7 @@ class FileController extends File
 
 		$file_srl = Context::get('file_srl');
 		$sid = Context::get('sid');
-		$filename_arg = Context::get('filename');
+		$filename_arg = htmlspecialchars_decode(Context::get('filename'));
 
 		// Get file information from the DB
 		$file_obj = FileModel::getFile($file_srl);
@@ -434,7 +434,7 @@ class FileController extends File
 		// Get requsted file info
 		$file_srl = Context::get('file_srl');
 		$file_key = Context::get('file_key');
-		$filename_arg = Context::get('filename');
+		$filename_arg = htmlspecialchars_decode(Context::get('filename'));
 
 		$columnList = array('source_filename', 'uploaded_filename', 'file_size');
 		$file_obj = FileModel::getFile($file_srl, $columnList);
diff --git a/modules/file/file.model.php b/modules/file/file.model.php
index 4a1c40e7b..ba69f6c6e 100644
--- a/modules/file/file.model.php
+++ b/modules/file/file.model.php
@@ -476,8 +476,8 @@ class FileModel extends File
 		$nullList = array();
 		foreach ($output->data as $file)
 		{
-			$file->source_filename = escape($file->source_filename, false);
 			$file->download_url = self::getDownloadUrl($file->file_srl, $file->sid, 0, $file->source_filename);
+			$file->source_filename = escape($file->source_filename, false);
 			$fileList[] = $file;
 			if ($file->upload_target_type === null)
 			{