sanitize user input

functions.php

@@ -312,7 +312,8 @@ function serena_customize_register( $wp_customize )
 	    'description' => 'Upload a logo to replace the default site name and description in the header',
 	) );
 
-	$wp_customize->add_setting( 'serena_logo' );
+	$wp_customize->add_setting( 'serena_logo', array(
+		'sanitize_callback' => 'sanitize_file_name' ));
 
 	$wp_customize->add_control( new WP_Customize_Image_Control( $wp_customize, 'serena_logo', array(
 	    'label'    => __( 'Logo', 'serena' ),
@@ -328,7 +329,11 @@ function serena_customize_register( $wp_customize )
 
 	  foreach($colors as $color)
 	  {
-	    $wp_customize->add_setting( $color['slug'], array( 'default' => $color['default'], 'type' => 'option', 'capability' => 'edit_theme_options' ));
+	    $wp_customize->add_setting( $color['slug'], array( 
+	    	'default' => $color['default'], 
+	    	'type' => 'option', 
+	    	'capability' => 'edit_theme_options', 
+	    	'sanitize_callback' => 'sanitize_hex_color' ));
 
 	    $wp_customize->add_control( new WP_Customize_Color_Control( $wp_customize, $color['slug'], array( 
 			'label' => $color['label'],