Respect subpath for (render_)protected_upload_path

app/controllers/submissions_controller.rb

@@ -62,7 +62,7 @@ class SubmissionsController < ApplicationController
     raise Pundit::NotAuthorizedError if @embed_options[:disable_download]
 
     if @file.native_file?
-      redirect_to protected_upload_path(id: @file.id, filename: @file.name_with_extension)
+      redirect_to protected_upload_path(id: @file.id, filename: @file.filepath)
     else
       send_data(@file.content, filename: @file.name_with_extension, disposition: 'attachment')
     end
@@ -92,7 +92,7 @@ class SubmissionsController < ApplicationController
 
     # Finally grant access and send the file
     if @file.native_file?
-      url = render_protected_upload_url(id: @file.id, filename: @file.name_with_extension)
+      url = render_protected_upload_url(id: @file.id, filename: @file.filepath)
       redirect_to AuthenticatedUrlHelper.sign(url, @file)
     else
       send_data(@file.content, filename: @file.name_with_extension, disposition: 'inline')