Validated Source, Not Destination
A file upload handler validates the source filename's extension and writes the file under a destination basename the caller supplied separately. Validating one filename does not validate the other.
A file upload handler validates the source filename's extension and writes the file under a destination basename the caller supplied separately. Validating one filename does not validate the other.