Dancer::Request returns 500 on Content-Type: multipart/form-data with no boundary

Open rkgjohn opened this issue 7 years ago • 0 comments

When a request comes in with Content-Type: multipart/form-data with no boundary (e.g. from a CVE-2017-5638 attack), the HTTP::Body->new on line 143 dies, with "Invalid boundary in content_type: '***'" going to the log and a 500 error being returned to the browser.

Dancer should handle the die and return a 400 - Invalid Request.

Steps to reproduce -

    $ curl --head 'https://www.example.com/' -H 'Content-Type: multipart/form-data boundary=------boundary-------'
    HTTP/1.1 200 OK
    $ curl --head 'https://www.example.com/' -H 'Content-Type: multipart/form-data'
    HTTP/1.1 500 Internal Server Error

rkgjohn, Apr 21 '17 20:04
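
One way to get the 400 the report asks for without changing Dancer::Request, shown as an added example (not code from the issue or from Dancer): a plain PSGI wrapper that rejects multipart/form-data requests lacking a boundary before the body parser runs. The name `reject_bad_multipart`, the stand-in application and the boundary pattern are assumptions; the pattern is deliberately as lenient as the 200 OK case in the report.

```perl
use strict;
use warnings;

# Hypothetical PSGI wrapper (not part of Dancer): answer 400 when a
# multipart/form-data request carries no usable boundary parameter,
# so the multipart body parser is never reached for that request.
sub reject_bad_multipart {
    my ($app) = @_;
    return sub {
        my ($env) = @_;
        my $ct = defined $env->{CONTENT_TYPE} ? $env->{CONTENT_TYPE} : '';

        if (   $ct =~ m{^\s*multipart/form-data\b}i
            && $ct !~ /boundary="?[^";]+"?/i )
        {
            # Fixed response body: the header value is not reflected back.
            return [ 400, [ 'Content-Type' => 'text/plain' ], ["Bad Request\n"] ];
        }
        return $app->($env);
    };
}

# Stand-in for the real application (assumption for this demo).
my $inner = sub { [ 200, [ 'Content-Type' => 'text/plain' ], ["OK\n"] ] };
my $app   = reject_bad_multipart($inner);

# Constructed sample Content-Type values; the first two mirror the
# two curl calls in the report.
my @samples = (
    'multipart/form-data boundary=------boundary-------',    # passes through
    'multipart/form-data',                                    # rejected
    'multipart/form-data; boundary=',                         # rejected (empty)
    'application/json',                                       # passes through
);

for my $ct (@samples) {
    my $res = $app->( { REQUEST_METHOD => 'HEAD', CONTENT_TYPE => $ct } );
    printf "%-55s -> %d\n", "'$ct'", $res->[0];
}
```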