.fail
the application performs no control over the file extension. As a matter of fact, we were able to upload images, text files which extensions have been modified to images, and even plain text files without performing extension editing
Actually Unixes don't use the lame and naive system of determining a file's type by looking at its extension. They use magic numbers - a binary analysis of the file. And that's what should be employed in input sanitization if indeed that's required in what i'm surmising is an image viewer. e.g. if you pass a non-image file to feh, it will tell you there's no "loader for that file format"