diff --git a/modules/system/system.api.php b/modules/system/system.api.php
index 4005389004dd95c707db56afc67b3ec8da41a36c..8e2e8957ed0b11964849f329e1ecde0971f149b7 100644
--- a/modules/system/system.api.php
+++ b/modules/system/system.api.php
@@ -2687,22 +2687,21 @@ function hook_file_delete($file) {
  *   NULL.
  *
  * @see file_download()
- * @see upload_file_download()
  */
 function hook_file_download($uri) {
   // Check if the file is controlled by the current module.
   if (!file_prepare_directory($uri)) {
     $uri = FALSE;
   }
-  $result = db_query("SELECT f.* FROM {file_managed} f INNER JOIN {upload} u ON f.fid = u.fid WHERE uri = :uri", array('uri' => $uri));
-  foreach ($result as $file) {
-    if (!user_access('view uploaded files')) {
+  if (strpos(file_uri_target($uri), variable_get('user_picture_path', 'pictures') . '/picture-') === 0) {
+    if (!user_access('access user profiles')) {
+      // Access to the file is denied.
       return -1;
     }
-    return array(
-      'Content-Type' => $file->filemime,
-      'Content-Length' => $file->filesize,
-    );
+    else {
+      $info = image_get_info($uri);
+      return array('Content-Type' => $info['mime_type']);
+    }
   }
 }