diff --git a/CHANGELOG.md b/CHANGELOG.md
index 22ac3ef..01fc3ba 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,7 +6,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased
### Added
-- Filename sanitizer that strips `[ ] { }` and control characters and collapses runs of whitespace so downloads no longer fail on Linux containers when the debrid provider returns filenames with square brackets (e.g. `[eztv]`). Gated by a new `Sanitize filenames` setting (on by default).
+- Filename sanitizer that strips `[ ] { }` and control characters and collapses runs of whitespace, working around a failure in the Bezzad Downloader NuGet package that blocks downloads on Linux when the debrid provider returns filenames with square brackets (e.g. `[eztv]`). Gated by a new `Sanitize filenames` setting; defaults to on for Linux hosts and off elsewhere.
## [2.0.129] - 2026-04-06
### Added
diff --git a/server/RdtClient.Service/Helpers/FilenameSanitizer.cs b/server/RdtClient.Service/Helpers/FilenameSanitizer.cs
index cde15d3..3b5bc2c 100644
--- a/server/RdtClient.Service/Helpers/FilenameSanitizer.cs
+++ b/server/RdtClient.Service/Helpers/FilenameSanitizer.cs
@@ -5,10 +5,14 @@ using RdtClient.Service.Services;
namespace RdtClient.Service.Helpers;
///
-/// Sanitizes filenames to prevent issues with special characters on Linux containers.
-/// Path.GetInvalidFileNameChars() on Linux only returns NUL and '/', so characters
-/// like [ ] { } that cause problems with shell globbing, URI handling, and various
-/// download clients pass through the built-in filter unchanged.
+/// Works around a known Linux-only failure in the Bezzad Downloader NuGet
+/// package, which throws "Access to the path is denied" when the target
+/// path contains square brackets, curly braces, or runs of consecutive
+/// whitespace — all common in debrid-provider release names.
+///
+/// Path.GetInvalidFileNameChars() on Linux only returns NUL and '/', so
+/// these characters pass through .NET's built-in filter unchanged.
+/// Control characters are also stripped as a defensive measure.
///
public static partial class FilenameSanitizer
{
@@ -23,7 +27,9 @@ public static partial class FilenameSanitizer
public static Boolean IsEnabled => Settings.Get.DownloadClient.SanitizeFilenames;
///
- /// Sanitizes a filename if enabled in settings; otherwise returns it unchanged.
+ /// When sanitization is enabled, returns .
+ /// When disabled, returns the input as-is; null is coerced to empty string
+ /// so callers can treat the return as non-null.
///
public static String SanitizeFilenameIfEnabled(String? filename)
{
@@ -31,7 +37,9 @@ public static partial class FilenameSanitizer
}
///
- /// Sanitizes a full path if enabled in settings; otherwise returns it unchanged.
+ /// When sanitization is enabled, returns .
+ /// When disabled, returns the input as-is; null is coerced to empty string
+ /// so callers can treat the return as non-null.
///
public static String SanitizePathIfEnabled(String? filePath)
{
@@ -39,8 +47,9 @@ public static partial class FilenameSanitizer
}
///
- /// Sanitizes a filename by stripping problematic characters and normalizing whitespace.
- /// Does NOT touch directory separators — only a single filename segment.
+ /// Strips square brackets, curly braces, and control characters, collapses
+ /// runs of whitespace to a single space, and trims. Operates on a single
+ /// filename segment; does not interpret directory separators.
///
public static String SanitizeFilename(String? filename)
{