in reply to CGI File Upload Security

You may be interested in Data::FormValidator::Constraints::Upload. It can validate the upload based on the file format, the file size, and maximum image dimensions (if that applies). It uses File::MMagic for some of the brains of the file type checking. This means that rather than trusting the file name extension or the content type that was sent, it examines the contents of the file to see if it can figure out the type based on what it really is.

I maintain that module, and feedback is welcome.

Mark

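The content-over-extension check described in the reply above, as an added example that is not part of the original post and not Data::FormValidator's own code. It calls File::MMagic directly; `check_upload`, the limits, and the sample byte strings are assumptions constructed for illustration, and the dimension check handles GIF only.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::MMagic;    # the content-sniffing library the post mentions

# Policy values are assumptions chosen for this example.
my %ALLOWED   = map { $_ => 1 } qw(image/gif);
my $MAX_BYTES = 1024;
my ($MAX_W, $MAX_H) = (200, 200);

# Hypothetical helper: returns (ok, reason).
# The client-supplied file name is never consulted; it is attacker-controlled.
sub check_upload {
    my ($claimed_name, $data) = @_;

    return (0, 'file too large') if length($data) > $MAX_BYTES;

    # Decide the type from the bytes, not from the extension or Content-Type.
    my $type = File::MMagic->new->checktype_contents($data);
    return (0, "detected type '$type' is not allowed") unless $ALLOWED{$type};

    # GIF logical screen size: two little-endian 16-bit values at offset 6.
    return (0, 'truncated GIF header') if length($data) < 10;
    my ($w, $h) = unpack('x6 v v', $data);
    return (0, "dimensions ${w}x${h} exceed ${MAX_W}x${MAX_H}")
        if $w > $MAX_W || $h > $MAX_H;

    return (1, "$type, ${w}x${h}");
}

# Constructed sample uploads: [claimed file name, body bytes].
my @uploads = (
    [ 'avatar.jpg', 'GIF89a' . pack('v v', 100, 50)     . ("\0" x 20) ],  # GIF named .jpg
    [ 'banner.gif', 'GIF89a' . pack('v v', 4000, 4000)  . ("\0" x 20) ],  # oversized image
    [ 'photo.gif',  "#!/bin/sh\necho hello\n" ],                          # script named .gif
    [ 'huge.gif',   'GIF89a' . ("\0" x 2048) ],                           # over the byte limit
);

for my $upload (@uploads) {
    my ($name, $data) = @$upload;
    my ($ok, $reason) = check_upload($name, $data);
    printf "%-12s %-8s %s\n", $name, ($ok ? 'ACCEPT' : 'REJECT'), $reason;
}
```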