sanitize_file_name

Sanitizes a filename, replacing whitespace with dashes.

Description

(string) sanitize_file_name( (string) $filename ); 

Removes special characters that are illegal in filenames on certain operating systems and special characters requiring special escaping to manipulate at the command line. Replaces spaces and consecutive dashes with a single dash. Trims period, dash and underscore from beginning and end of filename. It is not guaranteed that this function will return a filename that is allowed to be uploaded.

Returns (string)

The sanitized filename

Parameters (1)

0. $filename (string)
The filename to be sanitized

Usage

  1. if ( !function_exists( 'sanitize_file_name' ) ) { 
  2.     require_once ABSPATH . WPINC . '/formatting.php'; 
  4.   
  5. // The filename to be sanitized 
  6. $filename = ''; 
  7.   
  8. // NOTICE! Understand what this does before running. 
  9. $result = sanitize_file_name($filename); 
  10.     

Defined (1)

The function is defined in the following location(s).

/wp-includes/formatting.php  
  1. function sanitize_file_name( $filename ) { 
  2.     $filename_raw = $filename; 
  3.     $special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ", ", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}", "%", "+", chr(0)); 
  4.     /** 
  5.      * Filters the list of characters to remove from a filename. 
  7.      * @since 2.8.0 
  9.      * @param array  $special_chars Characters to remove. 
  10.      * @param string $filename_raw  Filename as it was passed into sanitize_file_name(). 
  11.      */ 
  12.     $special_chars = apply_filters( 'sanitize_file_name_chars', $special_chars, $filename_raw ); 
  13.     $filename = preg_replace( "#\x{00a0}#siu", ' ', $filename ); 
  14.     $filename = str_replace( $special_chars, '', $filename ); 
  15.     $filename = str_replace( array( '%20', '+' ), '-', $filename ); 
  16.     $filename = preg_replace( '/[\r\n\t -]+/', '-', $filename ); 
  17.     $filename = trim( $filename, '.-_' ); 
  18.  
  19.     if ( false === strpos( $filename, '.' ) ) { 
  20.         $mime_types = wp_get_mime_types(); 
  21.         $filetype = wp_check_filetype( 'test.' . $filename, $mime_types ); 
  22.         if ( $filetype['ext'] === $filename ) { 
  23.             $filename = 'unnamed-file.' . $filetype['ext']; 
  26.  
  27.     // Split the filename into a base and extension[s] 
  28.     $parts = explode('.', $filename); 
  29.  
  30.     // Return if only one extension 
  31.     if ( count( $parts ) <= 2 ) { 
  32.         /** 
  33.          * Filters a sanitized filename string. 
  35.          * @since 2.8.0 
  37.          * @param string $filename     Sanitized filename. 
  38.          * @param string $filename_raw The filename prior to sanitization. 
  39.          */ 
  40.         return apply_filters( 'sanitize_file_name', $filename, $filename_raw ); 
  42.  
  43.     // Process multiple extensions 
  44.     $filename = array_shift($parts); 
  45.     $extension = array_pop($parts); 
  46.     $mimes = get_allowed_mime_types(); 
  47.  
  48.     /** 
  49.      * Loop over any intermediate extensions. Postfix them with a trailing underscore 
  50.      * if they are a 2 - 5 character long alpha string not in the extension whitelist. 
  51.      */ 
  52.     foreach ( (array) $parts as $part) { 
  53.         $filename .= '.' . $part; 
  54.  
  55.         if ( preg_match("/^[a-zA-Z]{2, 5}\d?$/", $part) ) { 
  56.             $allowed = false; 
  57.             foreach ( $mimes as $ext_preg => $mime_match ) { 
  58.                 $ext_preg = '!^(' . $ext_preg . ')$!i'; 
  59.                 if ( preg_match( $ext_preg, $part ) ) { 
  60.                     $allowed = true; 
  61.                     break; 
  64.             if ( !$allowed ) 
  65.                 $filename .= '_'; 
  68.     $filename .= '.' . $extension; 
  69.     /** This filter is documented in wp-includes/formatting.php */ 
  70.     return apply_filters('sanitize_file_name', $filename, $filename_raw);