* the previous one could allow a SQL injection, since the
`opts.filetype` value came straight from the browser
* this more precise regex match will not produce spurious
matches (which were very unlikely, true, but still, let's be
precise) (`video/movingimages` would have matched `%image%`!)