diff --git a/core/includes/file.inc b/core/includes/file.inc
index a991877..d846aff 100644
--- a/core/includes/file.inc
+++ b/core/includes/file.inc
@@ -817,9 +817,6 @@ function file_munge_filename($filename, $extensions, $alerts = TRUE) {
 // Allow potentially insecure uploads for very savvy users and admin
 if (!variable_get('allow_insecure_uploads', 0)) {
- // Remove any null bytes. See http://php.net/manual/en/security.filesystem.nullbytes.php
- $filename = str_replace(chr(0), '', $filename);
-
 $whitelist = array_unique(explode(' ', trim($extensions)));
 // Split the filename up by periods. The first part becomes the basename
diff --git a/core/modules/system/lib/Drupal/system/Tests/File/NameMungingTest.php b/core/modules/system/lib/Drupal/system/Tests/File/NameMungingTest.php
index b37123c..04d4d1c 100644
--- a/core/modules/system/lib/Drupal/system/Tests/File/NameMungingTest.php
+++ b/core/modules/system/lib/Drupal/system/Tests/File/NameMungingTest.php
@@ -38,6 +38,15 @@ function testMunging() {
 }
 /**
+ * Tests munging with a null byte in the filename.
+ */
+ function testMungeNullByte() {
+ $prefix = $this->randomName();
+ $filename = $prefix . '.' . $this->bad_extension . "\0.txt";
+ $this->assertEqual(file_munge_filename($filename, ''), $prefix . '.' $this->bad_extension . '_.txt', 'A filename with a null byte is correctly munged to remove the null byte.');
+ }
+
+ /**
 * If the allow_insecure_uploads variable evaluates to true, the file should
 * come out untouched, no matter how evil the filename.
 */
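Review bot: The `assertEqual()` call in `testMungeNullByte()` will not parse, because the expected value `$prefix . '.' $this->bad_extension . '_.txt'` is missing a concatenation operator; it should read `$prefix . '.' . $this->bad_extension . '_.txt'`. The test also expects the null byte to be stripped, while the `file.inc` hunk of this same diff deletes `$filename = str_replace(chr(0), '', $filename);`, the only null-byte removal visible on the page. Unless the part of `file_munge_filename()` outside that hunk handles it, a name like the one built in this test would presumably come back with the NUL still embedded, which is the filesystem risk the deleted comment linked to. If this is a test-only patch meant to demonstrate the failure, the commit message should say so; otherwise the `str_replace` line should stay. The test class continues outside the hunk.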