Filenames for file uploads in form

  • I have a form posting to Perch forms that includes a file upload input, allowing users of the website to upload photos. Filenames of uploaded files are not sanitised - punctuation symbols like brackets and ampersands are accepted and so are spaces in the filenames.


    Is that working correctly? The only operation affecting filenames appears to be the addition of a timestamp if a file has the same name as an existing file in the same directory.


    I'm curious because files uploaded using the Perch admin are subject to much more stringent sanitisation.


    The template is in the templates/content directory (not templates/forms). Template code (abbreviated):


    Code
    ...
    <perch:form id="cbd_form" method="post" app="perch_forms" action="#success">
    ...
    <div>
    <perch:label for="cb_image_import1">Photo 1 (.jpg or .png)</perch:label>
    <perch:error for="cb_image_import1" type="filetype"> <div class="error">The file must be an image eg .jpg, .png.</div></perch:error>
    <perch:error for="cb_image_import1" type="fileupload"> <div class="error">Sorry but we couldn't upload that file - the file may be too large. Please email the images to us separately, clearly identifying which building they relate to.</div></perch:error>
    <perch:input id="cb_image_import1" type="image" label="Photo 1">
    </div>
    ...



    Diagnostics:


    Perch Runway: 3.1.5, PHP: 7.3.11, MySQL: mysqlnd 5.0.12-dev - 20150407 - $Id: 7cc7cc96e675f6d72e5cf0f267f48e167c2abb23 $, with PDO

    Server OS: WINNT, apache2handler

    Installed apps: content (3.1.5), assets (3.1.5), categories (3.1.5), perch_forms (1.12)

    App runtimes: <?php $apps_list = [ 'perch_forms', ]; ?>

    PERCH_LOGINPATH: /cms

    PERCH_PATH: C:\wamp\www\XXXX\cms

    PERCH_CORE: C:\wamp\www\XXXX\cms\core

    PERCH_RESFILEPATH: C:\wamp\www\XXXX\resources

    Image manipulation: GD

    PHP limits: Max upload 256M, Max POST 256M, Memory: 256M, Total max file upload: 256M

    F1: 3b606135b33e6a102526838f4152a807

    Resource folder writeable: Yes

    HTTP_HOST: XXXX.local

    DOCUMENT_ROOT: C:/wamp/www/XXXX

    REQUEST_URI: /cms/core/settings/diagnostics/

    SCRIPT_NAME: /cms/core/settings/diagnostics/index.php
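The kind of filename sanitisation the post contrasts with (strip path components, allow only safe characters, enforce an image extension, add a timestamp only on collision), as an added example in plain PHP; it is not Perch's own code, and the function names and the allow-list are assumptions for illustration.

```php
<?php
// Added example (not Perch's own code): sanitise an uploaded filename the way a
// stricter upload handler would, then add a timestamp suffix only on collision.
function sanitise_upload_filename(string $original, array $allowed_ext = ['jpg', 'jpeg', 'png']): ?string
{
    // Discard any directory component the client may have sent (e.g. "../x.png");
    // normalise backslashes first so Windows-style paths are handled the same way.
    $base = basename(str_replace('\\', '/', $original));
    $ext  = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    $name = pathinfo($base, PATHINFO_FILENAME);

    // Reject extensions outside the allow-list; an image input should only yield images.
    if (!in_array($ext, $allowed_ext, true)) {
        return null;
    }

    // Replace spaces, brackets, ampersands and anything else outside [A-Za-z0-9._-]
    // with a hyphen, collapse repeated hyphens, and trim leading/trailing dots and hyphens.
    $name = preg_replace('/[^A-Za-z0-9._-]+/', '-', $name);
    $name = preg_replace('/-+/', '-', $name);
    $name = trim($name, '.-');
    if ($name === '') {
        $name = 'file';
    }
    // Keep the stem to a sane length so the final name stays well within filesystem limits.
    $name = substr($name, 0, 100);

    return $name . '.' . $ext;
}

// On collision in the target directory, append a timestamp (the only step the post
// observed the forms app performing).
function unique_target_path(string $dir, string $filename): string
{
    $dir  = rtrim($dir, '/\\');
    $path = $dir . DIRECTORY_SEPARATOR . $filename;
    if (!file_exists($path)) {
        return $path;
    }
    $ext  = pathinfo($filename, PATHINFO_EXTENSION);
    $name = pathinfo($filename, PATHINFO_FILENAME);
    return $dir . DIRECTORY_SEPARATOR . $name . '-' . time() . '.' . $ext;
}

// Constructed sample inputs (not from the original post):
var_dump(sanitise_upload_filename('My Photo (front) & side.JPG')); // string "My-Photo-front-side.jpg"
var_dump(sanitise_upload_filename('../../notes.php'));             // NULL (extension not allowed)
```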
