diff --git a/src/main.rs b/src/main.rs
index 2702cd3..ec0f634 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -28,6 +28,7 @@ use actix_web::{
     web::{self, BufMut, BytesMut},
 };
 use chrono::Utc;
+use urlencoding::decode;
 use diesel::sqlite::Sqlite;
 use rayon::prelude::*;
 
@@ -225,8 +226,13 @@ async fn upload_image(
         if let Some(content_type) = part.content_disposition() {
             debug!("{:?}", content_type);
             if let Some(filename) = content_type.get_filename() {
-                debug!("Name: {:?}", filename);
-                file_name = Some(filename.to_string());
+                debug!("Name (raw): {:?}", filename);
+                // Decode URL-encoded filename (e.g., "file%20name.jpg" -> "file name.jpg")
+                let decoded_filename = decode(filename)
+                    .map(|s| s.to_string())
+                    .unwrap_or_else(|_| filename.to_string());
+                debug!("Name (decoded): {:?}", decoded_filename);
+                file_name = Some(decoded_filename);
 
                 while let Some(Ok(data)) = part.next().await {
                     file_content.put(data);
@@ -243,6 +249,10 @@ async fn upload_image(
 
     let path = file_path.unwrap_or_else(|| app_state.base_path.clone());
     if !file_content.is_empty() {
+        if file_name.is_none() {
+            span.set_status(Status::error("No filename provided"));
+            return HttpResponse::BadRequest().body("No filename provided");
+        }
         let full_path = PathBuf::from(&path).join(file_name.unwrap());
         if let Some(full_path) = is_valid_full_path(
             &app_state.base_path,