In testing MDLQA-7448, it requests renaming a text file and giving it a jpg extension and then to attempt to add that fake jpg file to the database. While the data is never written to the data_contents table the file is saved in files table.

mod/data/field/picture/field.class.php checks the contents using:

if ($file->get_imageinfo() === false) {

and then throws an error; however, it would be better if the filepicker caught that the alleged image is not really an image and rejected the file. I suspect that the picture field data was being checked before the filepicker exists but now that it is using it it would be good if the file were never accepted as it can cause some confusion about whether the record was added to the database activity module or not.

When non web image files are uploaded Error code: invalidfiletype in thrown - line 185 of /repository/upload/lib.php: moodle_exception thrown. If we were to check that not only is the file type correct but that the data is actually an image it would improve things by making the behavior consistent for the testing in MDLQA-7448. Peace - Anthony