From 08f3882901cf21a29f08cbdde403ad138d427815 Mon Sep 17 00:00:00 2001
From: "K. Belardinelli"
Date: Wed, 18 Feb 2015 17:02:19 -0500
Subject: [PATCH] sanitize user input
---
 functions.php | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/functions.php b/functions.php
index c81ae37..708833c 100755
--- a/functions.php
+++ b/functions.php
@@ -312,7 +312,8 @@ function serena_customize_register( $wp_customize )
 'description' => 'Upload a logo to replace the default site name and description in the header', ) );
- $wp_customize->add_setting( 'serena_logo' );
+ $wp_customize->add_setting( 'serena_logo', array(
+ 'sanitize_callback' => 'sanitize_file_name' ));
 $wp_customize->add_control( new WP_Customize_Image_Control( $wp_customize, 'serena_logo', array( 'label' => __( 'Logo', 'serena' ),
@@ -328,7 +329,11 @@ function serena_customize_register( $wp_customize )
 foreach($colors as $color) {
- $wp_customize->add_setting( $color['slug'], array( 'default' => $color['default'], 'type' => 'option', 'capability' => 'edit_theme_options' ));
+ $wp_customize->add_setting( $color['slug'], array(
+ 'default' => $color['default'],
+ 'type' => 'option',
+ 'capability' => 'edit_theme_options',
+ 'sanitize_callback' => 'sanitize_hex_color' ));
 $wp_customize->add_control( new WP_Customize_Color_Control( $wp_customize, $color['slug'], array( 'label' => $color['label'],
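Review bot: In the first hunk, `sanitize_file_name` is the wrong sanitizer for the `serena_logo` setting. `WP_Customize_Image_Control` normally stores the uploaded image's URL, and `sanitize_file_name` strips characters such as `/` and `:`, so the saved value would no longer be a usable URL and the logo would likely stop rendering. A URL-oriented callback matches the control type, as `sanitize_hex_color` does for the colour settings in the second hunk: `'sanitize_callback' => 'esc_url_raw'`. The value should still be passed through `esc_url()` where the template prints it; that output code and the rest of `serena_customize_register` are outside this hunk.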