Just wanted to point out that its probably a bad idea to rely on the browser supplied file type for file uploads.
https://php.net/manual/en/reserved.variables.files.php#109902
Better to use mime_content_type() to get the correct extension.
modes/cms/photo.php: Line 182