From c1e162cc74f00d5251a7a5eedcc8dd7eb9870459 Mon Sep 17 00:00:00 2001
From: Craig Jennings <c@cjennings.net>
Date: Fri, 8 May 2026 23:24:19 -0500
Subject: fix(gmail): Improve safe_filename to handle .. prefixes

Strip leading ".." sequences instead of stripping all leading dots,
so dotfiles like ".gitignore" are preserved while still preventing
directory traversal via "../foo" style names. ```
---
 .ai/scripts/gmail-fetch-attachments.py | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/.ai/scripts/gmail-fetch-attachments.py b/.ai/scripts/gmail-fetch-attachments.py
index 8aa2789..b42101c 100755
--- a/.ai/scripts/gmail-fetch-attachments.py
+++ b/.ai/scripts/gmail-fetch-attachments.py
@@ -123,8 +123,17 @@ def collect_attachments(payload: dict) -> list[dict]:
 
 
 def safe_filename(name: str) -> str:
-    """Strip path separators. Preserve everything else."""
-    return name.replace("/", "_").replace("\\", "_").lstrip(".")
+    """Strip path separators and leading parent-dir markers (..).
+
+    Path separators become underscores so the filename can't escape the
+    output directory. Leading ".." sequences are stripped so an attachment
+    named "../foo" lands as "_foo" rather than ".._foo". Single leading
+    dots are preserved so dotfiles like ".gitignore" survive intact.
+    """
+    cleaned = name.replace("/", "_").replace("\\", "_")
+    while cleaned.startswith(".."):
+        cleaned = cleaned[2:]
+    return cleaned
 
 
 def main() -> int:
-- 
cgit v1.2.3