Today I updated my plugin f(x) Favicon (no longer available, WordPress now have “Site Icon” feature), and I would like to share in how I sanitize image URL in the plugin uploader.
Why sanitize image upload?
Basically what we need is to make sure that the input is an image URL. So, we don’t want user to input other file such as document file, video file, mp3 file, etc.
And this is to make sure our plugin/theme working correctly. We also need to do this check before loading the file.
<link rel="shortcut icon" href="http://siteurl.com/path/favicon.png"/>
<link rel="shortcut icon" href="http://siteurl.com/path/some-random-file.doc"/>
Read More How to Sanitize Image Upload?