Description: Sanitize title of uploaded filename
 Convert uploaded filename to title, but sanitize it
 Fixes CVE-2016-7168
Author: jeremyfelt@wordpress.org
Origin: upstream, https://core.trac.wordpress.org/changeset/38538
Applied-Upstream: 4.6.1
Reviewed-by: Craig Small <csmall@debian.org>
Last-Update: 2016-09-10
--- a/wp-admin/includes/media.php
+++ b/wp-admin/includes/media.php
@@ -279,7 +279,7 @@
 	$url = $file['url'];
 	$type = $file['type'];
 	$file = $file['file'];
-	$title = $name;
+	$title = sanitize_title( $name );
 	$content = '';
 
 	if ( preg_match( '#^audio#', $type ) ) {
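Review bot: `sanitize_title()` is WordPress's slug sanitizer, so the new `$title = sanitize_title( $name );` line lowercases the name, replaces spaces with hyphens and strips accents, and the attachment title becomes slug-shaped rather than readable text. If the goal is only to keep markup from the uploaded filename out of the title, a text-level sanitizer keeps the title readable, e.g. `$title = sanitize_text_field( $name );`. The enclosing function starts and ends outside the hunk. Any later reassignment of `$title` (for instance from file metadata in the audio branch that opens on the last line) is not visible here and would presumably bypass this call, so it is worth checking. Sanitizing at storage time does not replace escaping where the title is rendered, so `esc_html()` / `esc_attr()` should remain at the output sites.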
