sanitize_file_name() │ WP 2.1.0
Sanitizes a file name, replacing spaces with '_' and removing invalid characters, etc.
Replaces:
- spaces with
_
- multiple dashes with one
- removes dots, dashes, underscores (. - _) at the ends of the name
- removes various characters:
? [ ] / \ = <> : ; ' & $ # * ( ) | ~ ` ! { }.
1 time — 0.0000939 sec (very fast) | 50000 times — 0.28 sec (very fast) | PHP 7.4.33, WP 6.1.1
Returns
String. Sanitized file name.
Usage
sanitize_file_name( $filename );
- $filename(string) (required)
- The file name to be sanitized.
Examples
#1 Clear the name of the file before uploading it to the server.
This function removes any special characters like brackets, commas etc from a file name:
$filename = '__my--file-&,-[name]-<->;.jpg';
$filename = sanitize_file_name( $filename ); //> my-file-name-.jpg
Changelog
sanitize_file_name() sanitize file name code
WP 6.9
function sanitize_file_name( $filename ) {
$filename_raw = $filename;
$filename = remove_accents( $filename );
$special_chars = array( '?', '[', ']', '/', '\\', '=', '<', '>', ':', ';', ',', "'", '"', '&', '$', '#', '*', '(', ')', '|', '~', '`', '!', '{', '}', '%', '+', '’', '«', '»', '”', '“', chr( 0 ) );
if ( ! wp_is_valid_utf8( $filename ) ) {
$_ext = pathinfo( $filename, PATHINFO_EXTENSION );
$_name = pathinfo( $filename, PATHINFO_FILENAME );
$filename = sanitize_title_with_dashes( $_name ) . '.' . $_ext;
}
if ( _wp_can_use_pcre_u() ) {
/**
* Replace all whitespace characters with a basic space (U+0020).
*
* The “Zs” in the pattern selects characters in the `Space_Separator`
* category, which is what Unicode considers space characters.
*
* @see https://www.unicode.org/reports/tr44/#General_Category_Values
* @see https://www.unicode.org/versions/Unicode16.0.0/core-spec/chapter-6/#G17548
* @see https://www.php.net/manual/en/regexp.reference.unicode.php
*/
$filename = preg_replace( '#\p{Zs}#siu', ' ', $filename );
}
/**
* Filters the list of characters to remove from a filename.
*
* @since 2.8.0
*
* @param string[] $special_chars Array of characters to remove.
* @param string $filename_raw The original filename to be sanitized.
*/
$special_chars = apply_filters( 'sanitize_file_name_chars', $special_chars, $filename_raw );
$filename = str_replace( $special_chars, '', $filename );
$filename = str_replace( array( '%20', '+' ), '-', $filename );
$filename = preg_replace( '/\.{2,}/', '.', $filename );
$filename = preg_replace( '/[\r\n\t -]+/', '-', $filename );
$filename = trim( $filename, '.-_' );
if ( ! str_contains( $filename, '.' ) ) {
$mime_types = wp_get_mime_types();
$filetype = wp_check_filetype( 'test.' . $filename, $mime_types );
if ( $filetype['ext'] === $filename ) {
$filename = 'unnamed-file.' . $filetype['ext'];
}
}
// Split the filename into a base and extension[s].
$parts = explode( '.', $filename );
// Return if only one extension.
if ( count( $parts ) <= 2 ) {
/** This filter is documented in wp-includes/formatting.php */
return apply_filters( 'sanitize_file_name', $filename, $filename_raw );
}
// Process multiple extensions.
$filename = array_shift( $parts );
$extension = array_pop( $parts );
$mimes = get_allowed_mime_types();
/*
* Loop over any intermediate extensions. Postfix them with a trailing underscore
* if they are a 2 - 5 character long alpha string not in the allowed extension list.
*/
foreach ( (array) $parts as $part ) {
$filename .= '.' . $part;
if ( preg_match( '/^[a-zA-Z]{2,5}\d?$/', $part ) ) {
$allowed = false;
foreach ( $mimes as $ext_preg => $mime_match ) {
$ext_preg = '!^(' . $ext_preg . ')$!i';
if ( preg_match( $ext_preg, $part ) ) {
$allowed = true;
break;
}
}
if ( ! $allowed ) {
$filename .= '_';
}
}
}
$filename .= '.' . $extension;
/**
* Filters a sanitized filename string.
*
* @since 2.8.0
*
* @param string $filename Sanitized filename.
* @param string $filename_raw The filename prior to sanitization.
*/
return apply_filters( 'sanitize_file_name', $filename, $filename_raw );
}
Related Functions
