diff --git a/app/controllers/code_ocean/files_controller.rb b/app/controllers/code_ocean/files_controller.rb
index ec9c4765..34567723 100644
--- a/app/controllers/code_ocean/files_controller.rb
+++ b/app/controllers/code_ocean/files_controller.rb
@@ -20,7 +20,7 @@ module CodeOcean
 @file = CodeOcean::File.find(params[:id])
 authorize!
 # The `@file.name_with_extension` is assembled based on the user-selected file type, not on the actual file name stored on disk.
- raise Pundit::NotAuthorizedError if @embed_options[:disable_download] || @file.name_with_extension != params[:filename]
+ raise Pundit::NotAuthorizedError if @embed_options[:disable_download] || @file.filepath != params[:filename]
 real_location = Pathname(@file.native_file.current_path).realpath
 send_file(real_location, type: @file.native_file.content_type, filename: @file.name_with_extension, disposition: 'attachment')
@@ -33,7 +33,7 @@ module CodeOcean
 @file = authorize AuthenticatedUrlHelper.retrieve!(CodeOcean::File, request)
 # The `@file.name_with_extension` is assembled based on the user-selected file type, not on the actual file name stored on disk.
- raise Pundit::NotAuthorizedError unless @file.name_with_extension == params[:filename]
+ raise Pundit::NotAuthorizedError unless @file.filepath == params[:filename]
 real_location = Pathname(@file.native_file.current_path).realpath
 send_file(real_location, type: @file.native_file.content_type, filename: @file.name_with_extension)
diff --git a/app/controllers/submissions_controller.rb b/app/controllers/submissions_controller.rb
index 8e8e0993..0024ba70 100644
--- a/app/controllers/submissions_controller.rb
+++ b/app/controllers/submissions_controller.rb
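Review bot: The comment directly above the changed `raise` in the `@@ -20,7` hunk of `files_controller.rb` still describes `@file.name_with_extension`, although the value compared with `params[:filename]` is now `@file.filepath`; the same stale comment sits above the `raise` in the `@@ -33,7` hunk. I would reword both along the lines of `# @file.filepath comes from the file record, not from the name stored on disk; params[:filename] is only compared, never used to locate the file.` The second half is worth recording because the file that is sent is resolved from `@file.native_file.current_path`, so the request parameter never reaches the filesystem, and a later refactor should keep it that way. Both method bodies start and end outside their hunks.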
@@ -62,7 +62,7 @@ class SubmissionsController < ApplicationController
 raise Pundit::NotAuthorizedError if @embed_options[:disable_download]
 if @file.native_file?
- redirect_to protected_upload_path(id: @file.id, filename: @file.name_with_extension)
+ redirect_to protected_upload_path(id: @file.id, filename: @file.filepath)
 else
 send_data(@file.content, filename: @file.name_with_extension, disposition: 'attachment')
 end
@@ -92,7 +92,7 @@ class SubmissionsController < ApplicationController
 # Finally grant access and send the file
 if @file.native_file?
- url = render_protected_upload_url(id: @file.id, filename: @file.name_with_extension)
+ url = render_protected_upload_url(id: @file.id, filename: @file.filepath)
 redirect_to AuthenticatedUrlHelper.sign(url, @file)
 else
 send_data(@file.content, filename: @file.name_with_extension, disposition: 'inline')
diff --git a/spec/controllers/submissions_controller_spec.rb b/spec/controllers/submissions_controller_spec.rb
index 916b561d..afdaa088 100644
--- a/spec/controllers/submissions_controller_spec.rb
+++ b/spec/controllers/submissions_controller_spec.rb
@@ -76,7 +76,7 @@ describe SubmissionsController do
 expect_assigns(submission: :submission)
 it 'sets the correct redirect' do
- expect(response.location).to eq protected_upload_url(id: file, filename: file.name_with_extension)
+ expect(response.location).to eq protected_upload_url(id: file, filename: file.filepath)
 end
 end
@@ -127,7 +127,7 @@ describe SubmissionsController do
 context 'with a binary file' do
 let(:file) { submission.collect_files.detect {|file| file.file_type.file_extension == '.mp4' } }
- let(:signed_url_video) { AuthenticatedUrlHelper.sign(render_protected_upload_url(id: file, filename: file.name_with_extension), file) }
+ let(:signed_url_video) { AuthenticatedUrlHelper.sign(render_protected_upload_url(id: file, filename: file.filepath), file) }
 expect_assigns(file: :file)
 expect_assigns(submission: :submission)
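Review bot: In the `@@ -62,7` hunk of `submissions_controller.rb`, `filename: @file.filepath` can presumably contain `/` when the file sits in a subdirectory, and nothing visible here shows that the `protected_upload` route accepts a slash in that segment; the `@@ -92,7` hunk passes the same value to `render_protected_upload_url` before the URL is signed. The route definitions are not part of this diff, so please confirm that the `:filename` segment is declared with a constraint or glob that matches slashes, and that the value arriving in `params[:filename]` equals `@file.filepath` exactly, since any difference makes the comparison in `FilesController` raise `Pundit::NotAuthorizedError`. A short comment at both call sites, e.g. `# filepath may contain '/'; the route's :filename constraint must allow it`, would record that dependency. Both methods start and end outside their hunks.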
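Review bot: The two changes in `submissions_controller_spec.rb` (`@@ -76,7` and `@@ -127,7`) only swap the expected value, so if the fixture files have no directory component, `file.filepath` would equal `file.name_with_extension` and both examples pass with or without the controller change. The factories are not visible in this diff, so that is an assumption to check. If it holds, add an example whose file has a non-empty path and assert that the redirect location carries the full `filepath`. An example showing that `show_protected_upload` rejects a `filename` that differs from `filepath` would pin down the authorization check itself.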