PMA\libraries\Sanitize::sanitizeFilename PHP Метод

    public static function sanitizeFilename($filename, $replaceDots = false)
    {
        $pattern = '/[^A-Za-z0-9_';
        // if we don't have to replace dots
        if (!$replaceDots) {
            // then add the dot to the list of legit characters
            $pattern .= '.';
        }
        $pattern .= '-]/';
        $filename = preg_replace($pattern, '_', $filename);
        return $filename;
    }

/**
 * Sends header indicating file download.
 *
 * @param string $filename Filename to include in headers if empty,
 *                         none Content-Disposition header will be sent.
 * @param string $mimetype MIME type to include in headers.
 * @param int    $length   Length of content (optional)
 * @param bool   $no_cache Whether to include no-caching headers.
 *
 * @return void
 */
function PMA_downloadHeader($filename, $mimetype, $length = 0, $no_cache = true)
{
    if ($no_cache) {
        PMA_noCacheHeader();
    }
    /* Replace all possibly dangerous chars in filename */
    $filename = Sanitize::sanitizeFilename($filename);
    if (!empty($filename)) {
        header('Content-Description: File Transfer');
        header('Content-Disposition: attachment; filename="' . $filename . '"');
    }
    header('Content-Type: ' . $mimetype);
    // inform the server that compression has been done,
    // to avoid a double compression (for example with Apache + mod_deflate)
    $notChromeOrLessThan43 = PMA_USR_BROWSER_AGENT != 'CHROME' || PMA_USR_BROWSER_AGENT == 'CHROME' && PMA_USR_BROWSER_VER < 43;
    if (strpos($mimetype, 'gzip') !== false && $notChromeOrLessThan43) {
        header('Content-Encoding: gzip');
    }
    header('Content-Transfer-Encoding: binary');
    if ($length > 0) {
        header('Content-Length: ' . $length);
    }
}