Issue regarding uploading file filtering

[nevercodecorrect]

Hello, While trying the tool, I find that the uploading file functionality relies on using the user-provided filename extension which could be a security issue as described in CWE-646: Reliance on File Name or Extension of Externally-Supplied File. Attacker could obfuscate the file name extension and drop malicious code on the server for the further attack. Thanks for reading.