From c49ac1569f65967906c9feabdd7dbc855333a3a8 Mon Sep 17 00:00:00 2001
From: Kroese <kroese@users.noreply.github.com>
Date: Fri, 19 Jan 2024 04:01:07 +0100
Subject: [PATCH] fix: Sanitize filename (#352)

---
 src/install.sh | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/install.sh b/src/install.sh
index f245745..db0c2a0 100644
--- a/src/install.sh
+++ b/src/install.sh
@@ -20,10 +20,11 @@ if [ -z "$BOOT" ]; then
 fi
 
 BASE=$(basename "$BOOT")
-BASE="${BASE%%\?*}"
+[ -f "$STORAGE/$BASE" ] && return 0
+
+BASE=$(basename "${BOOT%%\?*}")
 : "${BASE//+/ }"; printf -v BASE '%b' "${_//%/\\x}"
 BASE=$(echo "$BASE" | sed -e 's/[^A-Za-z0-9._-]/_/g')
-    
 [ -f "$STORAGE/$BASE" ] && return 0
 
 TMP="$STORAGE/${BASE%.*}.tmp"