Used to prevent directory traversal attacks, or to test a filename against a whitelist.
<?php validate_file( $file, $allowed_files ); ?>
$path = 'uploads/2012/12/my_image.jpg'; echo validate_file( $path ); // echoes 0 (valid path) $path = '../../wp-content/uploads/2012/12/my_image.jpg'; echo validate_file( $path ); // echoes 1 (invalid path)
Be careful making boolean interpretations of the result, since false (0) indicates the filename has passed validation, whereas true (> 0) indicates failure.
validate_file() is located in
See the Data Validation article for an in-depth discussion of input and output sanitization.