Fix multipart parsing bug

Escape special regex characters from the boundary before placing into
the regexs used to locate the boundaries in the multipart data.

src/werkzeug/sansio/multipart.py

@@ -101,7 +101,7 @@ def __init__(
         # group to understand if it is an epilogue boundary.
         self.preamble_re = re.compile(
             br"%s?--%s(--[^\S\n\r]*%s?|[^\S\n\r]*%s)"
-            % (LINE_BREAK, boundary, LINE_BREAK, LINE_BREAK),
+            % (LINE_BREAK, re.escape(boundary), LINE_BREAK, LINE_BREAK),
             re.MULTILINE,
         )
         # A boundary must include a line break prefix and suffix, and
@@ -110,7 +110,7 @@ def __init__(
         # understand if it is an epilogue boundary.
         self.boundary_re = re.compile(
             br"%s--%s(--[^\S\n\r]*%s?|[^\S\n\r]*%s)"
-            % (LINE_BREAK, boundary, LINE_BREAK, LINE_BREAK),
+            % (LINE_BREAK, re.escape(boundary), LINE_BREAK, LINE_BREAK),
             re.MULTILINE,
         )
 

tests/sansio/test_multipart.py

@@ -10,18 +10,18 @@
 
 
 def test_decoder_simple() -> None:
-    boundary = b"---------------------------9704338192090380615194531385"
+    boundary = b"---------------------------9704338192090380615194531385$"
     decoder = MultipartDecoder(boundary)
     data = """
------------------------------9704338192090380615194531385
+-----------------------------9704338192090380615194531385$
 Content-Disposition: form-data; name="fname"
 
 ß∑œß∂ƒå∂
------------------------------9704338192090380615194531385
+-----------------------------9704338192090380615194531385$
 Content-Disposition: form-data; name="lname"; filename="bob"
 
 asdasd
------------------------------9704338192090380615194531385--
+-----------------------------9704338192090380615194531385$--
     """.replace(
         "\n", "\r\n"
     ).encode(