lua-resty-multipart-parser icon indicating copy to clipboard operation
lua-resty-multipart-parser copied to clipboard

Published 20 hours ago verified publisher icon agentzh

The function of getting filename can be bypassed

Open JoyChou93 opened this issue 6 years ago • 0 comments 

Content-Disposition: form-data;filename="x.jpg";name="file";filename="xx.php"

returns x.jpg

But, in fact, uploaded file name is xx.php.

The regex of get filename is risky.

JoyChou93 avatar Oct 01 '17 08:10 JoyChou93