diff --git a/main/inc/ajax/document.ajax.php b/main/inc/ajax/document.ajax.php
index b04e13ab6aa..7ef9a735d6d 100755
--- a/main/inc/ajax/document.ajax.php
+++ b/main/inc/ajax/document.ajax.php
@@ -59,9 +59,12 @@
                 }
                 if (!empty($fileList)) {
                     foreach ($fileList as $n => $file) {
-                        $tmpFile = $tempDirectory.$file['name'];
+                        $tmpFile = disable_dangerous_file(
+                            api_replace_dangerous_char($file['name'])
+                        );
+
                         file_put_contents(
-                            $tmpFile,
+                            $tempDirectory.$tmpFile,
                             fopen($file['tmp_name'], 'r'),
                             FILE_APPEND
                         );