The function of getting filename can be bypassed

[JoyChou93]

Content-Disposition: form-data;filename="x.jpg";name="file";filename="xx.php"

returns x.jpg

But, in fact, uploaded file name is xx.php.

The regex of get filename is risky.