diff --git a/modules/Settings/Vtiger/actions/CompanyDetailsSave.php b/modules/Settings/Vtiger/actions/CompanyDetailsSave.php
index daedf32a73e26ac60fe2c1000f26db9f5fe7ec5b..44590496d3bae26a7e71b3395080b776fa272bc0 100644
--- a/modules/Settings/Vtiger/actions/CompanyDetailsSave.php
+++ b/modules/Settings/Vtiger/actions/CompanyDetailsSave.php
@@ -32,6 +32,7 @@ class Settings_Vtiger_CompanyDetailsSave_Action extends Settings_Vtiger_Basic_Ac
 		$status = false;
 		if ($request->get('organizationname')) {
 			$saveLogo = $status = true;
+			$logoName = false;
 			if(!empty($_FILES['logo']['name'])) {
 				$logoDetails = $_FILES['logo'];
 				$fileType = explode('/', $logoDetails['type']);
@@ -64,8 +65,8 @@ class Settings_Vtiger_CompanyDetailsSave_Action extends Settings_Vtiger_Basic_Ac
 			foreach ($fields as $fieldName => $fieldType) {
 				$fieldValue = $request->get($fieldName);
 				if ($fieldName === 'logoname') {
-					if (!empty($logoDetails['name'])) {
-						$fieldValue = decode_html(ltrim(basename(" " . $logoDetails['name'])));
+					if (!empty($logoDetails['name']) && $logoName) {
+						$fieldValue = decode_html(ltrim(basename(" " . $logoName)));
 					} else {
 						$fieldValue = decode_html($moduleModel->get($fieldName));
 					}
diff --git a/modules/Vtiger/helpers/Util.php b/modules/Vtiger/helpers/Util.php
index 3ea6edf4f9c00b3b2c5d76985dd6774d859d5582..1bb5ade98dd702be28aa6b87a6e80773688d85eb 100644
--- a/modules/Vtiger/helpers/Util.php
+++ b/modules/Vtiger/helpers/Util.php
@@ -383,8 +383,11 @@ class Vtiger_Util_Helper {
 	 * @param <Array> $badFileExtensions
 	 * @return <String> sanitized file name
 	 */
-	public static function sanitizeUploadFileName($fileName, $badFileExtensions) {
-		$fileName = preg_replace('/\s+/', '_', $fileName);//replace space with _ in filename
+	public static function sanitizeUploadFileName($fileName, $badFileExtensions = false) {
+		if (!$badFileExtensions) {
+			$badFileExtensions = vglobal('upload_badext');
+		}
+		$fileName = preg_replace('/[\s#%&]+/', '_', $fileName);//replace space,#,%,& with _ in filename
 		$fileName = rtrim($fileName, '\\/<>?*:"<>|');
 
 		$fileNameParts = explode('.', $fileName);
@@ -403,6 +406,9 @@ class Vtiger_Util_Helper {
 		if ($badExtensionFound) {
 			$newFileName .= ".txt";
 		}
+
+		$newFileName = ltrim(basename(' '.$newFileName));//allowed filename like UTF-8 characters
+		
 		return $newFileName;
 	}