9 calls to file_munge_filename() in Drupal 8

FileUploadResource::prepareFilename in core/modules/file/src/Plugin/rest/resource/FileUploadResource.php

Prepares the filename to strip out any malicious extensions.

NameMungingTest::testMungeIgnoreAllowedExtensions in core/tests/Drupal/KernelTests/Core/File/NameMungingTest.php

Tests that allowed extensions are ignored by file_munge_filename().

NameMungingTest::testMungeIgnoreInsecure in core/tests/Drupal/KernelTests/Core/File/NameMungingTest.php

If the system.file.allow_insecure_uploads setting evaluates to true, the file should come out untouched, no matter how evil the filename.

NameMungingTest::testMungeNullByte in core/tests/Drupal/KernelTests/Core/File/NameMungingTest.php

Tests munging with a null byte in the filename.

NameMungingTest::testMungeUnsafe in core/tests/Drupal/KernelTests/Core/File/NameMungingTest.php

Tests unsafe extensions are always munged by file_munge_filename().

NameMungingTest::testMunging in core/tests/Drupal/KernelTests/Core/File/NameMungingTest.php

Create a file and munge/unmunge the name.

NameMungingTest::testUnMunge in core/tests/Drupal/KernelTests/Core/File/NameMungingTest.php

Ensure that unmunge gets your name back.

TemporaryJsonapiFileFieldUploader::prepareFilename in core/modules/jsonapi/src/Controller/TemporaryJsonapiFileFieldUploader.php

Prepares the filename to strip out any malicious extensions.

_file_save_upload_single in core/modules/file/file.module

Saves a file upload to a new location.