sanitize_file_name

Sanitizes a filename, replacing whitespace with dashes.

Description

(string) sanitize_file_name( (string) $filename ); 

Removes special characters that are illegal in filenames on certain operating systems and special characters requiring special escaping to manipulate at the command line. Replaces spaces and consecutive dashes with a single dash. Trims period, dash and underscore from beginning and end of filename. It is not guaranteed that this function will return a filename that is allowed to be uploaded.

Returns (string)

The sanitized filename

Parameters (1)

0. $filename (string)
The filename to be sanitized

Usage

  1. if ( !function_exists( 'sanitize_file_name' ) ) { 
  2. require_once ABSPATH . WPINC . '/formatting.php'; 
  3.  
  4. // The filename to be sanitized 
  5. $filename = ''; 
  6.  
  7. // NOTICE! Understand what this does before running. 
  8. $result = sanitize_file_name($filename); 
  9.  

Defined (1)

The function is defined in the following location(s).

/wp-includes/formatting.php  
  1. function sanitize_file_name( $filename ) { 
  2. $filename_raw = $filename; 
  3. $special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ", ", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}", "%", "+", chr(0)); 
  4. /** 
  5. * Filters the list of characters to remove from a filename. 
  6. * @since 2.8.0 
  7. * @param array $special_chars Characters to remove. 
  8. * @param string $filename_raw Filename as it was passed into sanitize_file_name(). 
  9. */ 
  10. $special_chars = apply_filters( 'sanitize_file_name_chars', $special_chars, $filename_raw ); 
  11. $filename = preg_replace( "#\x{00a0}#siu", ' ', $filename ); 
  12. $filename = str_replace( $special_chars, '', $filename ); 
  13. $filename = str_replace( array( '%20', '+' ), '-', $filename ); 
  14. $filename = preg_replace( '/[\r\n\t -]+/', '-', $filename ); 
  15. $filename = trim( $filename, '.-_' ); 
  16.  
  17. if ( false === strpos( $filename, '.' ) ) { 
  18. $mime_types = wp_get_mime_types(); 
  19. $filetype = wp_check_filetype( 'test.' . $filename, $mime_types ); 
  20. if ( $filetype['ext'] === $filename ) { 
  21. $filename = 'unnamed-file.' . $filetype['ext']; 
  22.  
  23. // Split the filename into a base and extension[s] 
  24. $parts = explode('.', $filename); 
  25.  
  26. // Return if only one extension 
  27. if ( count( $parts ) <= 2 ) { 
  28. /** 
  29. * Filters a sanitized filename string. 
  30. * @since 2.8.0 
  31. * @param string $filename Sanitized filename. 
  32. * @param string $filename_raw The filename prior to sanitization. 
  33. */ 
  34. return apply_filters( 'sanitize_file_name', $filename, $filename_raw ); 
  35.  
  36. // Process multiple extensions 
  37. $filename = array_shift($parts); 
  38. $extension = array_pop($parts); 
  39. $mimes = get_allowed_mime_types(); 
  40.  
  41. /** 
  42. * Loop over any intermediate extensions. Postfix them with a trailing underscore 
  43. * if they are a 2 - 5 character long alpha string not in the extension whitelist. 
  44. */ 
  45. foreach ( (array) $parts as $part) { 
  46. $filename .= '.' . $part; 
  47.  
  48. if ( preg_match("/^[a-zA-Z]{2, 5}\d?$/", $part) ) { 
  49. $allowed = false; 
  50. foreach ( $mimes as $ext_preg => $mime_match ) { 
  51. $ext_preg = '!^(' . $ext_preg . ')$!i'; 
  52. if ( preg_match( $ext_preg, $part ) ) { 
  53. $allowed = true; 
  54. break; 
  55. if ( !$allowed ) 
  56. $filename .= '_'; 
  57. $filename .= '.' . $extension; 
  58. /** This filter is documented in wp-includes/formatting.php */ 
  59. return apply_filters('sanitize_file_name', $filename, $filename_raw);