diff --git a/core/Controller/AvatarController.php b/core/Controller/AvatarController.php
index b27d11822253c63077a166e2fc6ce8dafe563d5e..c6f320dd0fee632c504378689643786e9f2f69d1 100644
--- a/core/Controller/AvatarController.php
+++ b/core/Controller/AvatarController.php
@@ -189,7 +189,22 @@ class AvatarController extends Controller {
 					Http::STATUS_BAD_REQUEST
 				);
 			}
-			$content = $node->getContent();
+
+			if ($node->getMimeType() !== 'image/jpeg' && $node->getMimeType() !== 'image/png') {
+				return new JSONResponse(
+					['data' => ['message' => $this->l->t('The selected file is not an image.')]],
+					Http::STATUS_BAD_REQUEST
+				);
+			}
+
+			try {
+				$content = $node->getContent();
+			} catch (\OCP\Files\NotPermittedException $e) {
+				return new JSONResponse(
+					['data' => ['message' => $this->l->t('The selected file cannot be read.')]],
+					Http::STATUS_BAD_REQUEST
+				);
+			}
 		} elseif (!is_null($files)) {
 			if (
 				$files['error'][0] === 0 &&
diff --git a/settings/js/personal.js b/settings/js/personal.js
index 3290074a84c2ac4477f92922f0b4eb23847eef36..dbc82758fd138914af6816ca84142b123b77fee8 100644
--- a/settings/js/personal.js
+++ b/settings/js/personal.js
@@ -306,8 +306,8 @@ $(document).ready(function () {
 				msg = data.jqXHR.responseJSON.data.message;
 			}
 			avatarResponseHandler({
-			data: {
-					message: t('settings', 'An error occurred: {message}', { message: msg })
+				data: {
+					message: msg
 				}
 			});
 		}
@@ -324,7 +324,7 @@ $(document).ready(function () {
 					url: OC.generateUrl('/avatar/'),
 					data: { path: path }
 				}).done(avatarResponseHandler)
-					.fail(function(jqXHR, status){
+					.fail(function(jqXHR) {
 						var msg = jqXHR.statusText + ' (' + jqXHR.status + ')';
 						if (!_.isUndefined(jqXHR.responseJSON) &&
 							!_.isUndefined(jqXHR.responseJSON.data) &&
@@ -334,7 +334,7 @@ $(document).ready(function () {
 						}
 						avatarResponseHandler({
 							data: {
-								message: t('settings', 'An error occurred: {message}', { message: msg })
+								message: msg
 							}
 						});
 					});
diff --git a/tests/Core/Controller/AvatarControllerTest.php b/tests/Core/Controller/AvatarControllerTest.php
index af75c4bb751d5f95b3562ddd25bfd4859c3179c8..b87f73366fa73b11f7c8d0c666c0a70dfa6c0bce 100644
--- a/tests/Core/Controller/AvatarControllerTest.php
+++ b/tests/Core/Controller/AvatarControllerTest.php
@@ -38,6 +38,7 @@ use OCP\Files\Cache\ICache;
 use OCP\Files\File;
 use OCP\Files\IRootFolder;
 use OCP\Files\NotFoundException;
+use OCP\Files\NotPermittedException;
 use OCP\IAvatar;
 use OCP\IAvatarManager;
 use OCP\IL10N;
@@ -334,7 +335,12 @@ class AvatarControllerTest extends \Test\TestCase {
 		//Mock node API call
 		$file = $this->getMockBuilder('OCP\Files\File')
 			->disableOriginalConstructor()->getMock();
-		$file->method('getContent')->willReturn(file_get_contents(\OC::$SERVERROOT.'/tests/data/testimage.jpg'));
+		$file->expects($this->once())
+			->method('getContent')
+			->willReturn(file_get_contents(\OC::$SERVERROOT.'/tests/data/testimage.jpg'));
+		$file->expects($this->once())
+			->method('getMimeType')
+			->willReturn('image/jpeg');
 		$userFolder = $this->getMockBuilder('OCP\Files\Folder')->getMock();
 		$this->rootFolder->method('getUserFolder')->with('userid')->willReturn($userFolder);
 		$userFolder->method('get')->willReturn($file);
@@ -365,6 +371,39 @@ class AvatarControllerTest extends \Test\TestCase {
 		$this->assertEquals(['data' => ['message' => 'Please select a file.']], $response->getData());
 	}
 
+	public function testPostAvatarInvalidType() {
+		$file = $this->getMockBuilder('OCP\Files\File')
+			->disableOriginalConstructor()->getMock();
+		$file->expects($this->never())
+			->method('getContent');
+		$file->expects($this->exactly(2))
+			->method('getMimeType')
+			->willReturn('text/plain');
+		$userFolder = $this->getMockBuilder('OCP\Files\Folder')->getMock();
+		$this->rootFolder->method('getUserFolder')->with('userid')->willReturn($userFolder);
+		$userFolder->method('get')->willReturn($file);
+
+		$expectedResponse = new Http\JSONResponse(['data' => ['message' => 'The selected file is not an image.']], Http::STATUS_BAD_REQUEST);
+		$this->assertEquals($expectedResponse, $this->avatarController->postAvatar('avatar.jpg'));
+	}
+
+	public function testPostAvatarNotPermittedException() {
+		$file = $this->getMockBuilder('OCP\Files\File')
+			->disableOriginalConstructor()->getMock();
+		$file->expects($this->once())
+			->method('getContent')
+			->willThrowException(new NotPermittedException());
+		$file->expects($this->once())
+			->method('getMimeType')
+			->willReturn('image/jpeg');
+		$userFolder = $this->getMockBuilder('OCP\Files\Folder')->getMock();
+		$this->rootFolder->method('getUserFolder')->with('userid')->willReturn($userFolder);
+		$userFolder->method('get')->willReturn($file);
+
+		$expectedResponse = new Http\JSONResponse(['data' => ['message' => 'The selected file cannot be read.']], Http::STATUS_BAD_REQUEST);
+		$this->assertEquals($expectedResponse, $this->avatarController->postAvatar('avatar.jpg'));
+	}
+
 	/**
 	 * Test what happens if the upload of the avatar fails
 	 */
@@ -374,7 +413,12 @@ class AvatarControllerTest extends \Test\TestCase {
 			->will($this->throwException(new \Exception("foo")));
 		$file = $this->getMockBuilder('OCP\Files\File')
 			->disableOriginalConstructor()->getMock();
-		$file->method('getContent')->willReturn(file_get_contents(\OC::$SERVERROOT.'/tests/data/testimage.jpg'));
+		$file->expects($this->once())
+			->method('getContent')
+			->willReturn(file_get_contents(\OC::$SERVERROOT.'/tests/data/testimage.jpg'));
+		$file->expects($this->once())
+			->method('getMimeType')
+			->willReturn('image/jpeg');
 		$userFolder = $this->getMockBuilder('OCP\Files\Folder')->getMock();
 		$this->rootFolder->method('getUserFolder')->with('userid')->willReturn($userFolder);
 		$userFolder->method('get')->willReturn($file);