diff --git a/user_guide_src/source/libraries/images.rst b/user_guide_src/source/libraries/images.rst index 4696b0d126d4..2bffd2b9a122 100644 --- a/user_guide_src/source/libraries/images.rst +++ b/user_guide_src/source/libraries/images.rst @@ -42,6 +42,14 @@ The available Handlers are as follows: On Windows, the ImageMagick handler requires **absolute file paths** when loading images (for example, using ``WRITEPATH`` or ``FCPATH``). +.. warning:: + Do not let user input directly decide the image source path, storage + directory, or filename. This includes values passed to methods like + ``save()``, ``copy()`` and others, and any path or filename used to store + processed images. Use directories controlled by your application, and + generate filenames yourself or sanitize them with + :php:func:`sanitize_filename`. + ******************* Processing an Image *******************
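Review bot: the phrase "methods like ``save()``, ``copy()`` and others" leaves the set of affected methods open-ended, which is a weak spot in a security warning; either name every image method that accepts a path or filename argument, or state the rule as a property ("any method or option that takes a path or filename") so readers do not have to guess which calls are covered. The placement is also worth a second look: the warning is inserted directly after the Windows-specific ImageMagick note about absolute paths and just before the "Processing an Image" heading, so it reads as if it applied only to that handler on Windows, whereas the text itself is general advice for every handler; moving it to the start of the processing section (or to the library's introduction) would make that scope clear. Finally, the recommendation to "generate filenames yourself or sanitize them with :php:func:`sanitize_filename`" should make explicit that sanitizing the filename is only safe in combination with the preceding sentence about application-controlled directories, since a sanitized filename joined to a user-chosen directory still lets the caller pick the storage location.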