lua-resty-multipart-parser
lua-resty-multipart-parser copied to clipboard
The function of getting filename can be bypassed
Content-Disposition: form-data;filename="x.jpg";name="file";filename="xx.php"
returns x.jpg
But, in fact, uploaded file name is xx.php
.
The regex of get filename is risky.