diff --git a/core/modules/file/file.module b/core/modules/file/file.module
index d69c149..5ef7464 100644
--- a/core/modules/file/file.module
+++ b/core/modules/file/file.module
@@ -834,7 +834,19 @@ function file_save_upload($form_field_name, $validators = array(), $destination
 if (substr($destination, -1) != '/') {
 $destination .= '/';
 }
- $file->destination = file_destination($destination . $file->getFilename(), $replace);
+
+ // Transliterate and sanitize the destination filename.
+ $clean_filename = \Drupal::transliteration()->transliterate($file->getFilename(), 'en', '');
+ // Replace whitespace.
+ $clean_filename = str_replace(' ', '_', $clean_filename);
+ // Remove remaining unsafe characters.
+ $clean_filename = preg_replace('![^0-9A-Za-z_.-]!', '', $clean_filename);
+ // Remove multiple consecutive non-alphabetical characters.
+ $clean_filename = preg_replace('/(_)_+|(\.)\.+|(-)-+/', '\\1\\2\\3', $clean_filename);
+ // Force lowercase to prevent issues on case-insensitive file systems.
+ $clean_filename = strtolower($clean_filename);
+
+ $file->destination = file_destination($destination . $clean_filename, $replace);
 // If file_destination() returns FALSE then $replace === FILE_EXISTS_ERROR and
 // there's an existing file so we need to bail.
 if ($file->destination === FALSE) {
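Review bot: The cleaned name is never checked before it reaches `file_destination()`. Because the unknown-character replacement is `''` and the `[^0-9A-Za-z_.-]` filter deletes everything else, a name made up only of characters that have no transliteration or are stripped collapses to an empty string or to a bare extension such as `.jpg`, so the destination becomes the directory itself or a dot-file. A guard right after the `strtolower()` line, e.g. `if ($clean_filename === '' || $clean_filename[0] === '.') { ... }`, that rejects the upload or substitutes a generated base name would close that. Separately, the characters are removed after whatever extension validation and munging ran earlier in `file_save_upload()` (outside this hunk), so the final extension can differ from the one that was checked; the sanitising should presumably run before those checks, or the extension should be re-validated on `$clean_filename`. The function body starts and ends outside the hunk.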