On the other hand, I think there's an argument to be made software should ignore file extensions whenever possible. Is really that hard for the backend to check if the file starts with "\xFF\xD8\xFF\xE0\0\x10JFIF\0\1" or "\x89PNG\r\n\x1A\n"? That would have caught this problem.
Yes, just hardcode what is hopefully the magic bytes for the formats we expect, what could possibly go wrong /s
The biggest joke here is that this wouldn't have helped the students either. I don't think any of them will pass the "there is a minute left on the timer and the website tells you your picture isn't JPEG or PNG" challenge.
