with a public page allowing file uploads in HTML Editor, there are a few things you will want to edit in the webassist/kfm/initialize.php file
first, only allow image uploads:
$kfm->defaultSetting('only_allow_image_upload',1);
edit the banned upload array to include every combination of php.imgExtension you can think of, for example:
$kfm->defaultSetting('banned_upload_extensions',array('php.jpeg','php.jpg','php.png'));
you may also want to add js.imgExtesnion to the banned list to.