-rw-r--r-- | system/admin/upload/upload.go | 8 | ||||
-rw-r--r-- | system/item/item.go | 7 |
2 files changed, 14 insertions, 1 deletions
diff --git a/system/admin/upload/upload.go b/system/admin/upload/upload.go
index 6b99dfc..cab3bb7 100644
--- a/system/admin/upload/upload.go
+++ b/system/admin/upload/upload.go
@@ -8,6 +8,8 @@ import (
 "path/filepath"
 "strconv"
 "time"
+
+ "github.com/ponzu-cms/ponzu/system/item"
 )
 // StoreFiles stores file uploads at paths like /YYYY/MM/filename.ext
@@ -50,7 +52,11 @@ func StoreFiles(req *http.Request) (map[string]string, error) {
 // loop over all files and save them to disk
 for name, fds := range req.MultipartForm.File {
- filename := fds[0].Filename
+ filename, err := item.NormalizeString(fds[0].Filename)
+ if err != nil {
+ return nil, err
+ }
+
 src, err := fds[0].Open()
 if err != nil {
 err := fmt.Errorf("Couldn't open uploaded file: %s", err)
diff --git a/system/item/item.go b/system/item/item.go
index f6e8f99..99d70a8 100644
--- a/system/item/item.go
+++ b/system/item/item.go
@@ -258,6 +258,7 @@ func stringToSlug(s string) (string, error) {
 str := strings.Replace(string(src), "'", "", -1)
 str = strings.Replace(str, `"`, "", -1)
+ str = strings.Replace(str, "&", "-", -1)
 t := transform.Chain(norm.NFD, transform.RemoveFunc(isMn), norm.NFC)
 slug, _, err := transform.String(t, str)
@@ -267,3 +268,9 @@ func stringToSlug(s string) (string, error) {
 return strings.TrimSpace(slug), nil
 }
+
+// NormalizeString removes and replaces illegal characters for URLs and other
+// path entities. Useful for taking user input and converting it for keys or URLs.
+func NormalizeString(s string) (string, error) {
+ return stringToSlug(s)
+} |
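Review bot: The upload filename is client-supplied and ends up in an on-disk path, yet the new `item.NormalizeString(fds[0].Filename)` call in StoreFiles is the only sanitising step visible. The part of stringToSlug that would have to strip `/`, `\` and `..` lies above line 258, outside this diff, so that needs confirming. Since `path/filepath` is already imported, take the base name first, `filename, err := item.NormalizeString(filepath.Base(fds[0].Filename))`, and reject a name that normalises to nothing, `if filename == "" { return nil, fmt.Errorf("upload %q has no usable filename", name) }`. The bare `return nil, err` also drops the context that the neighbouring `Couldn't open uploaded file` error carries. StoreFiles starts and ends outside the hunk.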
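Review bot: The added `&` to `-` replacement in stringToSlug has no comment saying why `&` becomes a dash while the two quote characters above it are simply dropped. It also runs after whatever separator handling sits earlier in the function, which this hunk does not show. If spaces are already turned into dashes there, an input such as `a & b` would presumably come out with a run of dashes, so the ordering is worth pinning with a test. A comment such as `// "&" is not safe in URLs or file names; treat it as a word separator` would record the intent.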
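Review bot: The doc comment on NormalizeString promises removal of characters illegal in "URLs and other path entities", but the function is a plain alias of stringToSlug, and StoreFiles now relies on it for file names. The comment should state the contract callers can depend on. Going by the visible tail of stringToSlug, quotes are dropped and the result is trimmed, so distinct inputs can map to the same output and an input made only of removed characters appears to yield an empty string. I would add `// The result may be empty and is not unique per input; callers that build file paths must check it.`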