You can clone with
HTTPS or Subversion.
When a form is POST'ed with multipart data, disallow using req:body_qs() and req:body() with a meaningful error or exception, because it interferes with req:multipart_data().
When a form is POST'ed with urlencoded content type, or when page is GET'ed, disallow using req:multipart_data with a meaningful error or exception.
Also disallow calling them in any succession more than once, since first call clears body and subsequent calls return no data causing confusion.
I'll pre-emptively close this. multipart_data isn't and will not be documented. Instead an easy way to stream/parse what's coming from body/stream_body functions will be added. Thanks anyway!