Image upload doesn't check mime type

[cseifert]

The image upload of the user profile only checks the file extension and uploads the file independent of its content. So you can create a file "image.jpg", add any content and upload it without any error. It would be great if the upload relies on mime types instead of the user defined extension name.