diff --git a/src/aphront/response/AphrontFileResponse.php b/src/aphront/response/AphrontFileResponse.php
--- a/src/aphront/response/AphrontFileResponse.php
+++ b/src/aphront/response/AphrontFileResponse.php
@@ -101,6 +101,8 @@
 
       $filename = $this->getDownload();
       $filename = addcslashes($filename, '"\\');
+      $filename = preg_replace('/[\r\n\0]/', '', $filename);
+
       $headers[] = array(
         'Content-Disposition',
         'attachment; filename="'.$filename.'"',