[pwdisswordfishs]

For server implementations that aren't braindead, that is indeed the important bit. Computers don't inherently know how to run PHP. If the request handler doesn't look at the file extension to decide whether or not to pass the contents to the PHP interpreter (if PHP is even installed on the system), then image.php isn't going to run any PHP.

[_def]

They checked mime type for upload validation. Obviously the server request handler was configured to pass files to php, that was the whole point of the story.