diff --git a/include/class.forms.php b/include/class.forms.php
index 084ff7cd9c5c6e1432ece39484994f0517922885..e806d00b071d9f91a838fe2c4fa38281a47bfc00 100644
--- a/include/class.forms.php
+++ b/include/class.forms.php
@@ -2781,6 +2781,9 @@ class FileUploadField extends FormField {
         $file = array_shift($files);
         $file['name'] = urldecode($file['name']);
 
+        if (!$this->isValidFile($file))
+            Http::response(413, 'Invalid File');
+
         if (!$bypass && !$this->isValidFileType($file['name'], $file['type']))
             Http::response(415, 'File type is not allowed');
 
@@ -2807,6 +2810,9 @@ class FileUploadField extends FormField {
         if (!$this->isValidFileType($file['name'], $file['type']))
             throw new FileUploadError(__('File type is not allowed'));
 
+        if (!$this->isValidFile($file))
+            throw new FileUploadError(__('Invalid File'));
+
         $config = $this->getConfiguration();
         if ($file['size'] > $config['size'])
             throw new FileUploadError(__('File size is too large'));
@@ -2842,6 +2848,18 @@ class FileUploadField extends FormField {
         return $F;
     }
 
+    function isValidFile($file) {
+
+        // Check invalid image hacks
+        if ($file['tmp_name']
+                && stripos($file['type'], 'image/') === 0
+                && function_exists('exif_imagetype')
+                && !exif_imagetype($file['tmp_name']))
+            return false;
+
+        return true;
+    }
+
     function isValidFileType($name, $type=false) {
         $config = $this->getConfiguration();
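Review bot: `Http::response(413, 'Invalid File')` answers a content-mismatch rejection with 413 Payload Too Large, which describes a different failure than the one detected and misleads any client that reacts to 413 by shrinking the upload; 415, as the existing line below already uses for the type check, or 400 fits, e.g. `Http::response(415, 'Invalid File');`. Separately, isValidFile() as defined in the third hunk fails open on a deployment without the exif extension: `function_exists('exif_imagetype')` is false there, so every file passes and this new check is a no-op with nothing logged. Core `getimagesize($file['tmp_name']) !== false` is always available and could serve as the fallback branch, or the absence should at least be logged so an operator can see the check is not active; the function also only examines files whose client-declared `$file['type']` starts with `image/`, so it cannot be read as a general content check. The enclosing method starts before this hunk.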
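Review bot: The new isValidFile() call here runs after isValidFileType() whereas the first hunk runs it before; this ordering is the better of the two, since the cheap name/type allow-list rejects first and exif_imagetype() only reads the temp file for uploads that already passed it, so the first hunk could be aligned to match. The message `__('Invalid File')` also tells the user nothing about what was rejected; `__('File content does not match the declared image type')` names the condition the check in the third hunk actually tests. The enclosing method starts before this hunk.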