diff --git a/includes/file.inc b/includes/file.inc
index e37af02..d06db77 100644
--- a/includes/file.inc
+++ b/includes/file.inc
@@ -1222,10 +1222,10 @@ function file_unmunge_filename($filename) {
 function file_create_filename($basename, $directory) {
   // Strip control characters (ASCII value < 32). Though these are allowed in
   // some filesystems, not many applications handle them well.
-  $basename = preg_replace('/[\x00-\x1F]/u', '_', $basename);
+  $basename = preg_replace('/[\x00-\x1F]/u', '-', $basename);
   if (substr(PHP_OS, 0, 3) == 'WIN') {
     // These characters are not allowed in Windows filenames
-    $basename = str_replace(array(':', '*', '?', '"', '<', '>', '|'), '_', $basename);
+    $basename = str_replace(array(':', '*', '?', '"', '<', '>', '|'), '-', $basename);
   }
 
   // A URI or path may already have a trailing slash or look like "public://".
@@ -1252,7 +1252,7 @@ function file_create_filename($basename, $directory) {
 
     $counter = 0;
     do {
-      $destination = $directory . $separator . $name . '_' . $counter++ . $ext;
+      $destination = $directory . $separator . $name . '-' . $counter++ . $ext;
     } while (file_exists($destination));
   }
 
@@ -1563,7 +1563,10 @@ function file_save_upload($form_field_name, $validators = array(), $destination
   if (substr($destination, -1) != '/') {
     $destination .= '/';
   }
-  $file->destination = file_destination($destination . $file->filename, $replace);
+
+  $destination .= str_replace([' ', '_'], '-', $file->filename);
+
+  $file->destination = file_destination($destination, $replace);
   // If file_destination() returns FALSE then $replace == FILE_EXISTS_ERROR and
   // there's an existing file so we need to bail.
   if ($file->destination === FALSE) {