Index: wp-admin/includes/file.php
===================================================================
--- wp-admin/includes/file.php	(revision 19326)
+++ wp-admin/includes/file.php	(working copy)
@@ -509,6 +509,20 @@
 		unlink( $tmpfname );
 		return $response;
 	}
+	
+	// If no extension is given, add one based on the content-type header
+	$ext = pathinfo( $tmpfname, PATHINFO_EXTENSION );
+	if ( empty( $ext ) && !empty( $response['headers']['content-type'] ) ) {
+		$mimes = get_allowed_mime_types();
+		foreach ( (array) $mimes as $ext => $mime ) {
+			if ( preg_match( '!^(' . $mime . ')$!i', $response['headers']['content-type']) ) {
+				$ext = array_shift( explode( '|', $ext) );
+				rename($tmpfname, "$tmpfname.$ext");
+				$tmpfname .= ".$ext";
+				break;
+			}
+		}
+	}
 
 	if ( 200 != wp_remote_retrieve_response_code( $response ) ){
 		unlink( $tmpfname );
Index: wp-admin/includes/media.php
===================================================================
--- wp-admin/includes/media.php	(revision 19326)
+++ wp-admin/includes/media.php	(working copy)
@@ -587,7 +587,7 @@
 
 		// Set variables for storage
 		// fix file filename for query strings
-		preg_match('/[^\?]+\.(jpg|JPG|jpe|JPE|jpeg|JPEG|gif|GIF|png|PNG)/', $file, $matches);
+		preg_match('/[^\?]+\.(jpg|JPG|jpe|JPE|jpeg|JPEG|gif|GIF|png|PNG)/', $tmp, $matches);
 		$file_array['name'] = basename($matches[0]);
 		$file_array['tmp_name'] = $tmp;