Used to prevent directory traversal attacks, or to test a filename against a whitelist.
<?php validate_file( $file, $allowed_files ); ?>
$path = 'uploads/2012/12/my_image.jpg';
return validate_file( $path ); // returns 0 (valid path)

$path = '../../wp-content/uploads/2012/12/my_image.jpg';
return validate_file( $path ); // returns 1 (invalid path)
Be careful when interpreting the result as a boolean: a false value (0) indicates the filename has passed validation, whereas a true value (> 0) indicates failure.
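The return-value pitfall described above, shown as an added example that is not part of the original page or of WordPress itself. The wrapper `is_valid_file_path()`, the sample paths other than the two from this page, and the allowed list are hypothetical. The `validate_file()` stand-in is a simplified assumption used only when WordPress is not loaded, and its return code for a name outside the allowed list is also an assumption.

```php
<?php
// Stand-in used only when WordPress is not loaded, so the example runs alone.
// Simplified assumption, not the WordPress source: 1 for "..", a non-zero
// code (3 here) for a name outside the allowed list, 0 for a path that passes.
if ( ! function_exists( 'validate_file' ) ) {
	function validate_file( $file, $allowed_files = array() ) {
		if ( false !== strpos( $file, '..' ) ) {
			return 1;
		}
		if ( ! empty( $allowed_files ) && ! in_array( $file, $allowed_files, true ) ) {
			return 3;
		}
		return 0;
	}
}

// Hypothetical wrapper: turns the 0-means-valid code into an unambiguous boolean.
function is_valid_file_path( $file, $allowed_files = array() ) {
	return 0 === validate_file( $file, $allowed_files );
}

// Constructed sample inputs; the first two are the paths used on this page.
$samples = array(
	'uploads/2012/12/my_image.jpg',
	'../../wp-content/uploads/2012/12/my_image.jpg',
	'style.css',
);
$allowed = array( 'style.css', 'functions.php' ); // constructed allowed list

foreach ( $samples as $path ) {
	// Inverted check: a failing (non-zero) code is truthy, so this accepts
	// exactly the paths that failed validation and rejects the valid ones.
	$naive = validate_file( $path ) ? 'accepted' : 'rejected';

	// Correct check: only a strict 0 counts as valid.
	$strict = is_valid_file_path( $path ) ? 'accepted' : 'rejected';

	printf( "%-48s naive: %-8s strict: %s\n", $path, $naive, $strict );
}

// Allowed-list use: a traversal-free path is still rejected when it is not
// on the list, because any non-zero code means failure.
$on_list  = is_valid_file_path( 'style.css', $allowed );
$off_list = is_valid_file_path( 'uploads/2012/12/my_image.jpg', $allowed );
var_dump( $on_list, $off_list );
```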
validate_file() is located in wp-includes/functions.php.
See the Data Validation article for an in-depth discussion of input and output sanitization.