diff --git a/api/r0/upload_async.go b/api/r0/upload_async.go
index 30800652..2a9d902e 100644
--- a/api/r0/upload_async.go
+++ b/api/r0/upload_async.go
@@ -19,6 +19,14 @@ func UploadMediaAsync(r *http.Request, rctx rcontext.RequestContext, user _apime
 server := _routers.GetParam("server", r)
 mediaId := _routers.GetParam("mediaId", r)
 filename := filepath.Base(r.URL.Query().Get("filename"))
+ // GK-CUSTOMIZATION: Sanitize the filename
+ if len(filename) > 24 {
+ return &_responses.ErrorResponse{
+ Code: common.ErrCodeBadRequest,
+ Message: "Filename too long.",
+ InternalCode: common.ErrCodeBadRequest,
+ }
+ }
 rctx = rctx.LogWithFields(logrus.Fields{
 "mediaId": mediaId,
diff --git a/api/r0/upload_sync.go b/api/r0/upload_sync.go
index 87f81beb..9535ed4e 100644
--- a/api/r0/upload_sync.go
+++ b/api/r0/upload_sync.go
@@ -23,6 +23,14 @@ type MediaUploadedResponse struct {
 func UploadMediaSync(r *http.Request, rctx rcontext.RequestContext, user _apimeta.UserInfo) interface{} {
 filename := filepath.Base(r.URL.Query().Get("filename"))
+ // GK-CUSTOMIZATION: Sanitize the filename
+ if len(filename) > 24 {
+ return &_responses.ErrorResponse{
+ Code: common.ErrCodeBadRequest,
+ Message: "Filename too long.",
+ InternalCode: common.ErrCodeBadRequest,
+ }
+ }
 rctx = rctx.LogWithFields(logrus.Fields{
 "filename": filename,
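Review bot: The comment `// GK-CUSTOMIZATION: Sanitize the filename` in UploadMediaAsync overstates the added check, which only bounds length: `len(filename) > 24` counts bytes, so a multi-byte UTF-8 name is rejected well short of 24 characters, while control characters or quotes in a short name still reach the `LogWithFields` call and anything that later stores or echoes the name. If the limit is meant in characters, `if utf8.RuneCountInString(filename) > 24 {` expresses it; either way the comment should say what is enforced, for example `// GK-CUSTOMIZATION: reject filenames longer than 24 bytes (length limit only, no character filtering)`. The identical block is added to UploadMediaSync in api/r0/upload_sync.go, so one shared helper with a named constant for the limit would keep the two endpoints from drifting apart. Both function bodies continue outside the hunks, so how the name is used downstream is not visible here.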