Report

Wget Content-Disposition filename parsing can over-append via RFC2231 continuations

b854be72-88d1-4d82-9e44-cd03d6ed3b0d

While auditing Wget's HTTP Content-Disposition handling, I found a parser path that accumulates filename continuations by reallocating based on strlen(current) + token_length, then memcpy()-ing the next token into the tail. The code trusts the parsed token boundaries and only strips directory components, but the continuation logic can combine attacker-controlled segments into the final output name. This is a useful pattern to watch for in header parsers that support RFC2231-style continuations.
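The following is an added illustration of the pattern described above, written for this report; it is not Wget's code and makes no claim about Wget's actual arithmetic. It shows the three places a continuation-joining parser has to get right: tokenizing with quotes honoured before splitting on ';' (so a quoted ';' does not shift the token boundary), growing the accumulation buffer with the terminator byte counted, the sum wrap-checked and the total capped, and running the directory-stripping check on the joined name rather than on each segment. The function names, the caps MAX_SEGMENTS and MAX_NAME_LEN, and the restriction to the plain filename*N= form (the charset-tagged filename*N*= form is not decoded) are assumptions of the example; the header strings it is exercised with are constructed.

```c
/* Join RFC 2231-style filename continuations (filename*0=, filename*1=, ...) from a
 * Content-Disposition value, then validate the joined result. Added for this report; not Wget's code. */
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_SEGMENTS 32   /* assumed caps: bound header-driven growth */
#define MAX_NAME_LEN 255

struct param { const char *name; size_t nlen; const char *val; size_t vlen; };

/* Read one name=value / name="value" parameter at *pp. Quotes are honoured before
 * splitting on ';' (escapes inside quotes are kept raw). Returns 0 at end of input. */
static int next_param(const char **pp, struct param *o) {
    const char *p = *pp;
    while (*p == ';' || isspace((unsigned char)*p)) p++;
    if (!*p) return 0;
    o->name = p;
    while (*p && *p != '=' && *p != ';') p++;
    o->nlen = (size_t)(p - o->name);
    while (o->nlen && isspace((unsigned char)o->name[o->nlen - 1])) o->nlen--;
    o->val = p; o->vlen = 0;                       /* bare token: empty value */
    if (*p == '=' && *++p == '"') {                /* quoted value */
        o->val = ++p;
        while (*p && *p != '"') p += (*p == '\\' && p[1]) ? 2 : 1;
        o->vlen = (size_t)(p - o->val);
        if (*p == '"') p++;
    } else if (o->val != p) {                      /* unquoted value after '=' */
        o->val = p;
        while (*p && *p != ';') p++;
        o->vlen = (size_t)(p - o->val);
        while (o->vlen && isspace((unsigned char)o->val[o->vlen - 1])) o->vlen--;
    }
    *pp = p;
    return 1;
}

/* Grow *buf by len bytes. The report's pattern sizes on strlen(current) + token
 * length; here the sum is wrap-checked, the terminator is counted and the total capped. */
static int append_segment(char **buf, const char *seg, size_t len) {
    size_t cur = *buf ? strlen(*buf) : 0;
    if (len > SIZE_MAX - cur - 1 || cur + len > MAX_NAME_LEN) return -1;
    char *n = realloc(*buf, cur + len + 1);
    if (!n) return -1;
    memcpy(n + cur, seg, len);
    n[cur + len] = '\0';
    *buf = n;
    return 0;
}

/* Join filename*0, filename*1, ... in index order whatever the header order, stopping at
 * the first gap. Plain filename*N= only (charset-tagged filename*N*= is out of scope). */
char *assemble_continuations(const char *hdr) {
    char *out = NULL;
    for (unsigned idx = 0; idx < MAX_SEGMENTS; idx++) {
        char want[24];
        size_t wl = (size_t)snprintf(want, sizeof want, "filename*%u", idx);
        const char *p = hdr;
        struct param prm;
        int found = 0;
        while (next_param(&p, &prm)) {
            if (prm.nlen == wl && memcmp(prm.name, want, wl) == 0) {
                if (append_segment(&out, prm.val, prm.vlen)) { free(out); return NULL; }
                found = 1;
                break;
            }
        }
        if (!found) break;
    }
    return out;   /* NULL when filename*0 is absent or a cap was hit */
}

/* Validate the joined name as a whole: last path component only; reject empty, "." / ".."
 * and control bytes. Per-segment checks miss e.g. two "." segments that join to "..". */
char *safe_basename(const char *name) {
    const char *base = name;
    for (const char *p = name; *p; p++)
        if (*p == '/' || *p == '\\') base = p + 1;
    if (!*base || !strcmp(base, ".") || !strcmp(base, "..")) return NULL;
    for (const char *p = base; *p; p++)
        if ((unsigned char)*p < 0x20 || *p == 0x7f) return NULL;
    size_t n = strlen(base) + 1;
    char *copy = malloc(n);
    return copy ? memcpy(copy, base, n) : NULL;
}

/* 1 if hdr joins to `joined` and would be saved as `saved` (NULL = rejected). */
int check(const char *hdr, const char *joined, const char *saved) {
    char *j = assemble_continuations(hdr), *s = j ? safe_basename(j) : NULL;
    int ok = (j ? joined && !strcmp(j, joined) : !joined)
          && (s ? saved && !strcmp(s, saved) : !saved);
    free(j); free(s);
    return ok;
}
```

A constructed header such as `attachment; filename*1="../etc/"; filename*2=passwd; filename*0="report;"` joins to `report;../etc/passwd` (segments reordered by index, the quoted ';' kept inside its token) and is saved as `passwd`; two segments of `.` join to `..` and are rejected only because the check runs on the joined string. The point for review of any such parser is that every limit and every sanitisation step must be applied after the segments are combined, and that the buffer growth must account for the terminator and the running total, not just the length of the segment being appended.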