
Should we sanitize file names uploaded to server?

When uploading files to a server, should the file name be sanitized, i.e. should non-ASCII characters like é or & be avoided?

Or should we allow these files to be saved as is?

PS. In Rails 3 there is a method I can't remember the name of. It changes non-ASCII chars to underscores, etc. Could someone remind me, please? It's not sanitize; it's a different method.


Make sure that you sanitize /, \ and \0 if they are sent by malicious user agents. If your filesystem fully supports Unicode, I would save the names as they were sent by the agent.

My preferred solution: use a unique ID as the filename and store the real filename in an additional file or in the database. That way your application stays portable to systems that don't support Unicode.

0
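The approach in this answer, written out in Ruby as an added example (it is not code from the question or the answer): the uploaded name keeps its Unicode but loses NUL bytes and every path component except the last, and the bytes are stored under an opaque UUID while the cleaned original name lives in metadata. The `store` hash is an assumption standing in for the upload directory and the database row.

```ruby
require "securerandom"
require "digest"

# Clean a client-supplied file name for display / download headers.
# Accented letters and other Unicode are kept; only the characters that
# let a name escape the upload directory or truncate the path are removed.
def sanitize_filename(name)
  # Uploaded names may arrive as raw bytes; make sure the string is valid
  # UTF-8 before any regex touches it (invalid bytes become "_", é stays é).
  s = name.to_s.dup.force_encoding(Encoding::UTF_8)
  s = s.scrub("_") unless s.valid_encoding?

  # The C library the filesystem call ends up in stops at the first NUL,
  # so "evil.php\0.jpg" would be created as "evil.php". Cut it there ourselves.
  s = s.split("\0").first.to_s

  # Keep only the last path component, under both separator conventions, so
  # "../../etc/passwd" and "C:\Users\bob\file.docx" cannot leave the directory.
  s = s.split(%r{[/\\]}).last.to_s

  # "." and ".." name directories, not files.
  s = "" if s == "." || s == ".."

  s.empty? ? "unnamed" : s
end

# Save the content under a random, ASCII-only, unique ID and record the real
# name alongside it. `store` is an in-memory stand-in (assumption) for
# File.binwrite(File.join(UPLOAD_DIR, id), content) plus a database row.
def store_upload(original_name, content, store)
  id = SecureRandom.uuid
  store[:blobs][id] = content
  store[:meta][id] = {
    original_name: sanitize_filename(original_name), # what users see / Content-Disposition
    size: content.bytesize,
    sha256: Digest::SHA256.hexdigest(content),
  }
  id
end

if $PROGRAM_NAME == __FILE__
  store = { blobs: {}, meta: {} }
  id = store_upload("r\u00e9sum\u00e9 2024.pdf", "%PDF-1.4 constructed sample", store)
  puts "stored as #{id}"
  p store[:meta][id]
  ["../../../etc/passwd", "C:\\Users\\bob\\secret.docx", "evil.php\0.jpg", ".."].each do |n|
    puts "#{n.inspect} -> #{sanitize_filename(n).inspect}"
  end
end
```

Serving the file back should use the stored `original_name` in a Content-Disposition header, with the on-disk path always built from the ID, so the user-supplied name never reaches a filesystem call.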
