Disallow tiff (and other non png non text) uploads
Tiff is a quite a complicated format. Its implementation can contain vulnerabilities.
Some man creates tickets with tiffs attached: #23140 (moved), #23085 (moved).
People consider this as an attack. They even ask him in a rude form not to post tiffs. Maybe we should protect him from such a rudeness ;) I suggest to disallow uploads of non-text formats other than the ones in the following whitelist: ["png"].