[HttpFoundation] Sanitize uploaded file original name

src/Symfony/Component/HttpFoundation/File/UploadedFile.php

@@ -82,7 +82,7 @@ class UploadedFile extends File
         }
 
         $this->path = realpath($path);
-        $this->originalName = $originalName;
+        $this->originalName = basename($originalName);
         $this->mimeType = $mimeType ?: 'application/octet-stream';
         $this->size = $size;
         $this->error = $error ?: UPLOAD_ERR_OK;

tests/Symfony/Tests/Component/HttpFoundation/File/UploadedFileTest.php

@@ -77,6 +77,19 @@ class UploadedFileTest extends \PHPUnit_Framework_TestCase
             null
         );
 
-        $this->assertEquals('test.gif', $file->getName());
+        $this->assertEquals('original.gif', $file->getOriginalName());
     }
+    
+    public function testGetOriginalNameSanitizeFilename()
+    {
+        $file = new UploadedFile(
+            __DIR__.'/Fixtures/test.gif',
+            '../../original.gif',
+            'image/gif',
+            filesize(__DIR__.'/Fixtures/test.gif'),
+            null
+        );
+
+        $this->assertEquals('original.gif', $file->getOriginalName());
+    }    
 }