The <link> for the Favicon defaults to image/x-icon, even when it would make much more sense to use a different MIME type. Here, we simply default to image/x-icon, but provide specific support for image/x-gif and image/x-png if the file looks like one of those (i.e., ends in the appropriate extension).
Note that this patch might conceivably break if you have a favicon specified with a path like "/.i", in which case the substr will fail with an out-of-bounds error. The likelihood of this is effectively nil (even "/a.b" wouldn't fail, as it has to be shorter than four characters), and it's strictly a failure case, not a security problem, as the out-of-bounds error on substr is unrecoverable. Additionally, this setting can only be configured by the administrator.