diff --git a/admin/include/functions_upload.inc.php b/admin/include/functions_upload.inc.php
index 4869eb795..69dcedc89 100644
--- a/admin/include/functions_upload.inc.php
+++ b/admin/include/functions_upload.inc.php
@@ -237,11 +237,13 @@ SELECT
     }
     else
     {
+      unlink($source_filepath);
       die('unexpected file type');
     }
   }
   else
   {
+    unlink($source_filepath);
     die('forbidden file type');
   }
 
diff --git a/include/ws_functions/pwg.images.php b/include/ws_functions/pwg.images.php
index 62a4a9bd6..6a8685437 100644
--- a/include/ws_functions/pwg.images.php
+++ b/include/ws_functions/pwg.images.php
@@ -1348,6 +1348,10 @@ function ws_images_upload($params, $service)
     $fileName = uniqid("file_");
   }
 
+  // change the name of the file in the buffer to avoid any unexpected
+  // extension. Function add_uploaded_file will eventually clean the mess.
+  $fileName = md5($fileName);
+
   $filePath = $upload_dir.DIRECTORY_SEPARATOR.$fileName;
 
   // Chunking might be enabled
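Review bot: The return value of the added `unlink($source_filepath)` is discarded in both the 'unexpected file type' and the 'forbidden file type' branches, so when removal fails (permissions, a race with another request) the rejected file silently stays in the upload buffer, which is exactly the outcome the change is meant to prevent. Since the function already terminates with die() here, a failed removal should at least leave a trace for the operator, e.g. `if (!unlink($source_filepath)) { error_log('failed to remove rejected upload: '.$source_filepath); }` in both places. The enclosing function (add_uploaded_file, per the second hunk's comment) starts and ends outside this hunk, so whether $source_filepath can still be reached by a later cleanup path is not visible here.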
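Review bot: The comment above `$fileName = md5($fileName);` understates what the rename guarantees and leaves "clean the mess" undefined for the next maintainer. Because the hex digest contains neither a dot nor a path separator, the buffer file can carry no client-chosen extension and cannot point outside $upload_dir, regardless of what $params supplied; the comment should state that, e.g. `// Hash the client-supplied name: the hex digest has no extension and no path separators, so the buffer file is neither executable by extension nor able to escape $upload_dir. add_uploaded_file() performs the real type check (see its 'forbidden file type' branch).` Whether add_uploaded_file derives the final extension from content rather than from the original name is not visible in this diff and is worth confirming, since the original $fileName is no longer available after this line. ws_images_upload begins before and continues after this hunk.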