In `sanitize_file_name()`, replace `%20` and `+` with dashes. Remove unnecessary code from `_wp_handle_upload()`.

Adds unit tests.

Props ericmann.
Fixes #16330.

Built from https://develop.svn.wordpress.org/trunk@29290


git-svn-id: http://core.svn.wordpress.org/trunk@29072 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-admin/includes/file.php

@@ -327,9 +327,6 @@ function _wp_handle_upload( &$file, $overrides, $time, $action ) {
 	}
 
 	$filename = wp_unique_filename( $uploads['path'], $file['name'], $unique_filename_callback );
-	// Strip the query strings.
-	$filename = str_replace( '?', '-', $filename );
-	$filename = str_replace( '&', '-', $filename );
 
 	// Move the file to the uploads dir.
 	$new_file = $uploads['path'] . "/$filename";

wp-includes/formatting.php

@@ -1049,6 +1049,7 @@ function sanitize_file_name( $filename ) {
 	$special_chars = apply_filters( 'sanitize_file_name_chars', $special_chars, $filename_raw );
 	$filename = preg_replace( "#\x{00a0}#siu", ' ', $filename );
 	$filename = str_replace($special_chars, '', $filename);
+	$filename = str_replace( array( '%20', '+' ), '-', $filename );
 	$filename = preg_replace('/[\s-]+/', '-', $filename);
 	$filename = trim($filename, '.-_');