diff --git a/models/site.rb b/models/site.rb
index f5c3a6ae..d94a6b87 100644
--- a/models/site.rb
+++ b/models/site.rb
@@ -1165,7 +1165,14 @@ class Site < Sequel::Model
       clean << part if part != '..'
     end
-    clean.join '/'
+    clean_path = clean.join '/'
+
+    # Scrub carriage garbage (everything below 32 bytes.. http://www.asciitable.com/)
+    clean_path.each_codepoint do |c|
+      raise ArgumentError, 'invalid character for filename' if c < 32
+    end
+
+    clean_path
   end
 
   def current_files_path(path='')
diff --git a/tests/site_file_tests.rb b/tests/site_file_tests.rb
index 1bb7f840..ee6197a2 100644
--- a/tests/site_file_tests.rb
+++ b/tests/site_file_tests.rb
@@ -106,6 +106,22 @@ describe 'site_files' do
     res = @site.site_files.select {|sf| sf.path == 'index.html'}.first.rename('notindex.html')
     res.must_equal [false, 'cannot rename or move root index.html']
   end
+
+  it 'works with unicode characters' do
+    uploaded_file = Rack::Test::UploadedFile.new('./tests/files/test.jpg', 'image/jpeg')
+    upload 'files[]' => uploaded_file
+    @site.site_files.last.rename("HELL💩؋.jpg")
+    @site.site_files.last.path.must_equal "HELL💩؋.jpg"
+  end
+
+  it 'scrubs weird carriage return shit characters' do
+    uploaded_file = Rack::Test::UploadedFile.new('./tests/files/test.jpg', 'image/jpeg')
+    upload 'files[]' => uploaded_file
+    proc {
+      @site.site_files.last.rename("\r\n\t.jpg")
+    }.must_raise ArgumentError
+    @site.site_files.last.path.must_equal "test.jpg"
+  end
 end
 
 describe 'delete' do
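Review bot: The added guard `raise ArgumentError, 'invalid character for filename' if c < 32` only rejects the C0 range, so DEL (0x7F) and the C1 controls (0x80–0x9F) still pass into the cleaned path; the POSIX class covers all of them in one test and replaces the `each_codepoint` loop, `raise ArgumentError, 'invalid character for filename' if clean_path =~ /[[:cntrl:]]/`. The comment above the loop says "everything below 32 bytes" while the loop iterates codepoints, so `# Reject control characters (codepoints below 32) so CR/LF/NUL cannot reach the filesystem path` would describe what it actually does. If `clean_path` carries invalid UTF-8, `each_codepoint` raises its own ArgumentError with a different message; an explicit `raise ArgumentError, 'invalid character for filename' unless clean_path.valid_encoding?` before the check would make that rejection intentional rather than incidental. The enclosing method starts before this hunk.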
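Review bot: The new control-character test drives only `"\r\n\t.jpg"`, so the input that matters most for path handling, a NUL byte, is never pinned; a second `must_raise ArgumentError` case with `rename("test\0.jpg")` would cover it, and a `"\x7F"` case would record whether DEL is meant to be accepted, since the guard in models/site.rb does not reject it. The description `'scrubs weird carriage return shit characters'` also misstates the behaviour, as the method raises rather than scrubs; `'rejects control characters in filenames'` matches the assertion.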