Index: functions.php
===================================================================
--- functions.php	(revision 26782)
+++ functions.php	(working copy)
@@ -1894,7 +1894,19 @@
 	// We can't do any further validation without a file to work with
 	if ( ! file_exists( $file ) )
 		return compact( 'ext', 'type', 'proper_filename' );
+		
+	// if php supports finfo check if the extension does matches the file's real type
+	if (function_exists('finfo_file')) {
+		$finfo = finfo_open(FILEINFO_MIME_TYPE);
+	    $mime = finfo_file($finfo, $file);
+	    finfo_close($finfo);
 
+		// the extension does not match the file's real type
+		if ($mime !== $type) { 
+			$type = $ext = false;
+		}	    
+	}
+
 	// We're able to validate images using GD
 	if ( $type && 0 === strpos( $type, 'image/' ) && function_exists('getimagesize') ) {
 
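Review bot: The strict `$mime !== $type` test on the added mismatch check compares finfo's detected MIME string with the type looked up from the extension, so any legitimate file whose content-sniffed type is spelled differently from the extension table entry is rejected, and the same branch fires when `finfo_open()` returns false or `finfo_file()` fails, silently discarding `$type`/`$ext` without distinguishing "detection unavailable" from "content does not match". Guard the handle before use, e.g. `$finfo = finfo_open( FILEINFO_MIME_TYPE );` / `$mime = $finfo ? finfo_file( $finfo, $file ) : false;` / `if ( $finfo ) finfo_close( $finfo );`, and only apply the mismatch rule when `$mime` is a non-false string; how much tolerance for equivalent type spellings the comparison should have is a policy decision that belongs in a comment on that line rather than left implicit. The added lines also mix space and tab indentation (the two `$mime`/`finfo_close` lines) and carry trailing whitespace, which the surrounding tab-indented file does not. The enclosing function starts and ends outside the hunk.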
