diff --git a/app/controllers/avatar_controller.rb b/app/controllers/avatar_controller.rb
index b6efaef0c..afd206c92 100644
--- a/app/controllers/avatar_controller.rb
+++ b/app/controllers/avatar_controller.rb
@@ -29,43 +29,51 @@ class AvatarController < ApplicationController
     end
 
     if  @temp_file && (@temp_file.size > 0)
-      diskfile=disk_filename(@source_type,@source_id)
-      @urlfile='/' << File.join("images","avatars",avatar_directory(@source_type),avatar_filename(@source_id,@image_file))
+      if @temp_file.size > Setting.upload_avatar_max_size.to_i
+        @status = 1
+        @msg = l(:error_upload_avatar_to_large, :max_size => number_to_human_size(Setting.upload_avatar_max_size.to_i))
+      elsif Trustie::Utils::Image.new(@temp_file.tempfile.path).image?
+        diskfile=disk_filename(@source_type,@source_id)
+        @urlfile='/' << File.join("images","avatars",avatar_directory(@source_type),avatar_filename(@source_id,@image_file))
 
-      # 用户头像上传时进行特别处理
-      if  @source_type == 'User'
-        diskfile += "temp"
-        @urlfile += "temp"
-      end
+        # 用户头像上传时进行特别处理
+        if  @source_type == 'User'
+          diskfile += "temp"
+          @urlfile += "temp"
+        end
 
-      logger.info("Saving avatar '#{diskfile}' (#{@temp_file.size} bytes)")
-      path = File.dirname(diskfile)
-      unless File.directory?(path)
-        FileUtils.mkdir_p(path)
-      end
-      md5 = Digest::MD5.new
-      File.open(diskfile, "wb") do |f|
-        if @temp_file.respond_to?(:read)
-          buffer = ""
-          while (buffer = @temp_file.read(8192))
-            f.write(buffer)
-            md5.update(buffer)
+        logger.info("Saving avatar '#{diskfile}' (#{@temp_file.size} bytes)")
+        path = File.dirname(diskfile)
+        unless File.directory?(path)
+          FileUtils.mkdir_p(path)
+        end
+        md5 = Digest::MD5.new
+        File.open(diskfile, "wb") do |f|
+          if @temp_file.respond_to?(:read)
+            buffer = ""
+            while (buffer = @temp_file.read(8192))
+              f.write(buffer)
+              md5.update(buffer)
+            end
+          else
+            f.write(@temp_file)
+            md5.update(@temp_file)
           end
-        else
-          f.write(@temp_file)
-          md5.update(@temp_file)
         end
+
+        Trustie::Utils::Image.new(diskfile,true).compress(300)
+        @status = 0
+        @msg = ''
+      else
+        @status = 2
+        @msg = l(:not_valid_image_file)
       end
-#    self.digest = md5.hexdigest
     end
     @temp_file = nil
 
-    image = Trustie::Utils::Image.new(diskfile,true)
-    image.compress(300)
-
     respond_to do |format|
       format.json{
-        render :inline => "#{@urlfile.to_s}?#{Time.now.to_i}",:content_type => 'text/html'
+        render :inline => {status: @status, message:@msg, url:"#{@urlfile.to_s}?#{Time.now.to_i}"}.to_json,:content_type => 'text/html'
         return
       }
       format.js