Open JoyChou93 opened 7 years ago
Content-Disposition: form-data;filename="x.jpg";name="file";filename="xx.php"
returns x.jpg
x.jpg
But, in fact, uploaded file name is xx.php.
xx.php
The regex of get filename is risky.
returns
x.jpg
But, in fact, uploaded file name is
xx.php
.The regex of get filename is risky.