Prevent uploading unknown files as images PART 1 (by extension)

[tusmester]

When we upload a file, it may become an image based on the allowed types on the parent. This lets us upload docx or pdf files as images. We have to restrict the extensions of files that can be uploaded as images to prevent uploading documents as images.

• blacklist or whitelist?

Currently this is a UX issue, because uploading a docx file as an image can be confusing. Denying the upload by extension is only a partial solution, reading the first few bytes is more accurate, but a more expensive solution.