diff --git a/src/wp-admin/includes/file.php b/src/wp-admin/includes/file.php index 46e9ecc6bb..ddd2be849a 100644 --- a/src/wp-admin/includes/file.php +++ b/src/wp-admin/includes/file.php @@ -1198,6 +1198,8 @@ function download_url( $url, $timeout = 300, $signature_verification = false ) { if ( $tmpfname_disposition && is_string( $tmpfname_disposition ) && ( 0 === validate_file( $tmpfname_disposition ) ) ) { + $tmpfname_disposition = dirname( $tmpfname ) . '/' . $tmpfname_disposition; + if ( rename( $tmpfname, $tmpfname_disposition ) ) { $tmpfname = $tmpfname_disposition; } diff --git a/tests/phpunit/tests/admin/includesFile.php b/tests/phpunit/tests/admin/includesFile.php index 421137bc14..7955e10a75 100644 --- a/tests/phpunit/tests/admin/includesFile.php +++ b/tests/phpunit/tests/admin/includesFile.php @@ -101,6 +101,24 @@ class Tests_Admin_IncludesFile extends WP_UnitTestCase { remove_filter( 'pre_http_request', array( $this, $filter ) ); } + /** + * @ticket #55109 + * @dataProvider data_save_to_temp_directory_when_getting_filename_from_content_disposition_header + * + * @covers ::download_url + * + * @param $filter A callback containing a fake Content-Disposition header. + */ + public function test_save_to_temp_directory_when_getting_filename_from_content_disposition_header( $filter ) { + add_filter( 'pre_http_request', array( $this, $filter ), 10, 3 ); + + $filename = download_url( 'url_with_content_disposition_header' ); + $this->assertStringContainsString( get_temp_dir(), $filename ); + $this->unlink( $filename ); + + remove_filter( 'pre_http_request', array( $this, $filter ) ); + } + /** * Data provider for test_download_url_should_respect_filename_from_content_disposition_header. * 
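Review bot: In download_url(), the path built on the added line uses a filename that appears to come from the response's Content-Disposition header, and the `rename()` that follows replaces whatever file already exists at that path, so a response naming a file already present in the temp directory silently overwrites it. Making the target unique closes that, e.g. `$tmpfname_disposition = dirname( $tmpfname ) . '/' . wp_unique_filename( dirname( $tmpfname ), basename( $tmpfname_disposition ) );`. The `basename()` is defence in depth: the only check visible here is `validate_file()`, and whether the name is reduced to a single path component is decided earlier in the function, outside this hunk. A one-line comment such as `// Keep the server-supplied name inside the temp directory.` would also record why the prefix is added.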
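Review bot: `assertStringContainsString( get_temp_dir(), $filename )` in test_save_to_temp_directory_when_getting_filename_from_content_disposition_header() passes for any path that merely contains the temp directory string, so it does not pin that the file was saved inside that directory. `$this->assertStringStartsWith( get_temp_dir(), $filename );` states the intent more exactly. Because `$this->unlink( $filename )` runs after the assertion, a failing run leaves the downloaded file behind; moving the cleanup ahead of the assertion avoids that. In the docblock, WordPress tests normally write `@ticket 55109` without the `#`, and the parameter line would be clearer as `@param string $filter`.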
@@ -114,6 +132,17 @@ class Tests_Admin_IncludesFile extends WP_UnitTestCase { ); } + /** + * Data provider for test_save_to_temp_directory_when_getting_filename_from_content_disposition_header. + * + * @return array + */ + public function data_save_to_temp_directory_when_getting_filename_from_content_disposition_header() { + return array( + 'valid parameters' => array( 'filter_content_disposition_header_with_filename' ), + ); + } + /** * Filter callback for data_download_url_should_respect_filename_from_content_disposition_header. *
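Review bot: The provider data_save_to_temp_directory_when_getting_filename_from_content_disposition_header() supplies a single well-formed header, so the test only shows the ordinary case landing in the temp directory. Since the filename is chosen by the remote server, a second dataset whose fake header carries a filename with a directory component would pin that the returned path still sits directly under `get_temp_dir()`; that needs one more filter callback next to the existing one. The docblock could also say `@return array[]` to show that each dataset is itself an array.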