Security checks on uploads

Well, the article you cited says:

eBay has fixed a pair of security vulnerabilities in its site that could enable attackers to upload executable files disguised as benign file types, construct full path URLs and then point victims to them through drive-by download attacks.

That clearly would not work here, since I can’t repro it. Can you?

As for HTML pages being uploaded, I still don’t understand what the “exploit” is. If you made an HTML page that says

Discourse causes cancer!

And wanted us to serve it, OK, that would be bad. We don’t want discourse.org to serve a web page that tells people Discourse causes cancer.

But that doesn’t work either. You could rename that file and upload it as a GIF, but it will always be served as a GIF! Never as an HTML file.

At the point where you download the GIF, rename the file on your local computer and click on it… that’s not an exploit.

I agree that it’s not a bad idea to run some additional checks on images to make sure they are images, but there’s no exploit around it here that I can reproduce.

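The two points in the post above (an upload is served with its image type, never as HTML, and an extra check that the bytes really are an image), as an added Ruby example that is not part of the original post and not Discourse's own code. The names `check_upload`, `IMAGE_SIGNATURES` and `CONTENT_TYPES` are hypothetical, the sample inputs are constructed, and it assumes the server picks the Content-Type from the stored extension.

```ruby
# Added illustration; check_upload and both tables are hypothetical names,
# not Discourse's API.

# Leading bytes ("magic numbers") for the image types accepted here.
IMAGE_SIGNATURES = {
  "gif"  => ["GIF87a".b, "GIF89a".b],
  "png"  => ["\x89PNG\r\n\x1A\n".b],
  "jpg"  => ["\xFF\xD8\xFF".b],
  "jpeg" => ["\xFF\xD8\xFF".b],
}.freeze

CONTENT_TYPES = {
  "gif" => "image/gif", "png" => "image/png",
  "jpg" => "image/jpeg", "jpeg" => "image/jpeg",
}.freeze

# Returns a hash saying whether the upload is accepted and, if so,
# the response headers to serve it with.
def check_upload(filename, bytes)
  ext = File.extname(filename).delete_prefix(".").downcase
  signatures = IMAGE_SIGNATURES[ext]
  return { ok: false, reason: "extension not allowed" } unless signatures

  data = bytes.b # compare as raw bytes, whatever the string's encoding
  unless signatures.any? { |sig| data.start_with?(sig) }
    return { ok: false, reason: "content is not a #{ext} image" }
  end

  {
    ok: true,
    headers: {
      # Type comes from the server-side table, never from the client or the bytes.
      "Content-Type" => CONTENT_TYPES[ext],
      # Ask browsers not to second-guess the declared type.
      "X-Content-Type-Options" => "nosniff",
    },
  }
end

# Constructed sample inputs.
REAL_GIF = "GIF89a\x01\x00\x01\x00\x80\x00\x00".b + "\x00".b * 10
HTML_AS_GIF = "<html><body>Discourse causes cancer!</body></html>"
```

The signature check only inspects the first bytes, so it rejects a renamed HTML file but does not prove the rest of the file is a well-formed image.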