Jochen Roderburg <address@hidden> writes:
OTOH I also saw that the patch as such is not yet complete and does
not yet cover all aspects of the underlying problem.
It seems that setting contentdisposition=on (what I also have
permanently in my wget configuration) circumvents the patch. Not only
when a Content-Disposition header is actually used, just the active
option is sufficient for this.
True. The idea is that --content-disposition automatically enables
--trust-server-names. When you use --content-disposition you are
implicitly trusting the server about the local name to use for storage.
By default --content-disposition is not used. You can enable just
--trust-server-names or --content-disposition, and the latter implies
the former as well.