Index: openacs-4/packages/xowiki/tcl/form-field-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/xowiki/tcl/form-field-procs.tcl,v
diff -u -r1.284.2.134 -r1.284.2.135
--- openacs-4/packages/xowiki/tcl/form-field-procs.tcl	7 Dec 2020 16:15:03 -0000	1.284.2.134
+++ openacs-4/packages/xowiki/tcl/form-field-procs.tcl	9 Dec 2020 16:22:19 -0000	1.284.2.135
@@ -1821,8 +1821,15 @@
         tmpfile ${:tmpfile} \
         fn ${:value} {
 
+          # Sanitize the filename
           regsub -all {\\+} $fn {/} fn  ;# fix IE upload path
           set fn [ad_file tail $fn]
+          # Flip the two flags in the command below in case we want to
+          # become stricter. For now we just make sure the filename
+          # does not contain funky characters.
+          set fn [ad_sanitize_filename \
+                      -collapse_spaces=false \
+                      -tolower=false $fn]
 
           set file_object [:store_file \
                                -file_name $fn \